CVE-2025-49844

Redis Lua Use-After-Free Vulnerability | Critical RCE Risk

CVE-2025-49844 is an authenticated remote code execution vulnerability in the Lua scripting engine of Redis, the open-source in-memory data store widely used around the world to store ephemeral data and manage caching & user sessions. 

The flaw allows an authenticated user to execute arbitrary code through a specially crafted Lua script that manipulates the garbage collector. Redis disclosed the issue on October 3, 2025, as part of an ongoing effort by the Redis community to maintain security and compliance.

Redis assigned the issue a CVSS 3.1 base score of 10.0 (Critical). While exploitation requires valid credentials, authentication is not required by default, so many Redis instances are configured without needing to login. Organizations who use Redis both externally and internally without authentication configured are at significant risk of exploitation, though no active exploitation has been observed.

Technical Details

  • CVE-2025-49844 results from improper memory handling in Redis’ Lua engine when processing garbage-collected objects.
  • An attacker with access can craft and send a malicious Lua script to trigger a use-after-free condition, leading to arbitrary code execution.
  • Successful exploitation could allow full remote control of the Redis instance, enabling attackers to further escalate privileges, install malware, or exfiltrate data, and move deeper into the organization.
  • Redis rated the flaw at CVSS 10.0 due to the potential for full compromise once authentication is achieved.

NodeZero® Offensive Security Platform — Rapid Response

The Redis Rapid Response test, released October 9, 2025, enables customers to safely check if they are at risk.

  • Run the Rapid Response test — Horizon3.ai customers: run the NodeZero Rapid Response test from the customer portal to determine whether any Redis instances are vulnerable and unauthenticated.

    Note: In order to maintain production safety, this Rapid Response test does not attempt to exploit the issue. It instead relies on the service’s self-reported version number.

  • Patch immediately — upgrade to the latest fixed Redis versions listed below. If patching is delayed, restrict access to trusted management IPs, enable protected mode, and enforce strong authentication for all instances.

Indicators of Compromise

IndicatorTypeDescription
Unauthorized access to RedisBehaviorConnections from unknown IPs or users not normally accessing Redis
Unknown or anomalous Lua scriptsBehaviorPresence of unexpected or suspicious Lua code in the Redis database
Redis server crash logsBehaviorCrashes or stack traces originating from the Lua engine
Unexpected command executionBehaviorUnusual process activity or command execution by the redis-server user
Unusual network trafficBehaviorIngress or egress traffic anomalies from Redis hosts
File system changesBehaviorUnexpected modifications to directories containing Redis configuration or persistent data

Find risk exposure with Rapid Response Test

Find risk exposure with Rapid Response Test

Affected versions & patch

  • Affected:
    • All Redis Software releases prior to:
      • 7.22.2-12 and above
      • 7.8.6-207 and above
      • 7.4.6-272 and above
      • 7.2.4-138 and above
      • 6.4.2-131 and above
    • All Redis OSS/CE/Stack releases with Lua scripting prior to:
      • OSS/CE: 8.2.2+, 8.0.4+, 7.4.6+, 7.2.11+
      • Stack: 7.4.0-v7+, 7.2.0-v19+
  • Patch: Upgrade to the versions listed above to remediate the vulnerability. Redis Cloud users are already protected, as the hosted platform has been patched. 

References

🔗 Redis Security AdvisoryBlog

🔗 Redis GitHub Security Advisories page

🔗 OpenCVE

Read about other CVEs

CVE-2024-23108

Fortinet FortiSIEM 2nd Order Command Injection

Read More

CVE-2023-43208

NextGen Mirth Connect Pre-Auth RCE

Read More

CVE-2023-34992

Fortinet FortiSIEM Command Injection

Read More

NodeZero® Platform

Implement a continuous find, fix, and verify loop with NodeZero

The NodeZero® platform empowers your organization to reduce your security risks by autonomously finding exploitable weaknesses in your network, giving you detailed guidance around how to priortize and fix them, and having you immediately verify that your fixes are effective.
Explore NodeZero

Recognized By