Gianluca Varisco’s Post

**Critical Security Vulnerability in Redis: CVE-2025-49844** *Please read the original article at https://lnkd.in/dWRy87d2 A critical vulnerability, CVE-2025-49844 (CVSS Score 10.0), has been discovered in Redis involving a Lua scripting flaw that can lead to remote code execution. This flaw, known as a "use-after-free," allows an attacker with authenticated access to exploit the Redis Lua garbage collector. To protect your Redis instance, restrict network access, enforce strong authentication, and limit permissions—especially for users allowed to run Lua scripts. Redis Cloud users are already patched. However, for those managing Redis themselves, immediate upgrades are necessary. Fixes are available in Redis OSS, CE, Stack, and Software versions starting from OSS 8.2.2, CE 7.2.11, and corresponding patched software releases. There’s no evidence of exploitation so far, but signs to watch for include unexpected Redis scripting activity, anomalous file changes, and unexplained crashes involving the Lua engine. This vulnerability was responsibly disclosed by security researchers from Wiz and Trend Micro’s Zero Day Initiative. Organizations should upgrade immediately and review their Redis deployment for suspicious activity.

A critical vulnerability (CVE-2025-49844) has been identified in Redis, rated at CVSS level of 10.0. This vulnerability enables an authenticated user to manipulate the garbage collector through a customized Lua script. Such manipulation can trigger a use-after-free scenario, potentially leading to remote code execution. This exploit poses a significant risk, serving as a potential gateway for pivoting or unauthorized access to sensitive data, after initial entry point has been established. Time to update Redis. #update #redis #VulnerabilityManagement #RediShell link: https://lnkd.in/dD4bfY89

🛡 S4E Updates: Redis Lua Engine RCE Detection A critical memory corruption flaw in Redis’s Lua scripting engine can allow attackers to escape the sandbox and execute arbitrary code on the host. This long-standing issue, known as a Use-After-Free in Lua’s parser, exposes thousands of cloud and containerized Redis instances worldwide. At S4E, we’ve integrated a new detection scan to identify and mitigate this risk automatically, powered by our AI-driven CTEM engine for continuous protection. 👉 Run the updated Redis RCE scan for free: https://lnkd.in/dcTWZVB5 #Redis #RCE #CyberSecurity #S4E #CTEM #VulnerabilityManagement #AI

The discovery of RediShell (a 13-year-old, CVSS 10.0 Redis flaw) is a reminder to all of us that even trusted, widely-used open source services can harbor critical risks. It's time to go beyond the patch. Our co-founder and CEO, Piyush Sharrma, walked Dark Reading through the steps to take to mitigate the risk of the vuln: ▪️ Identify misconfigured or outdated Redis builds through continuous asset discovery. ▪️ Validate real-world exploitability using safe simulations. ▪️ Disable Lua for untrusted users and isolate exposed nodes. Check out the full article here: https://lnkd.in/dHWD6n2m

I came across this article from Wiz Research, and it was both a realization and a reminder for me that many of us (myself included) have been using Redis as if it were an in-memory cache. But Redis isn’t “just a cache.” It can persist data (via RDB or AOF) and even execute Lua scripts. That means it can hold sensitive data and, if exposed, become a potential attack vector — exactly what the recent RediShell research highlights. It’s a good reminder to treat Redis like any other datastore and to review its ingress/egress controls, authentication, and scripting permissions, not just memory usage and latency. https://lnkd.in/dRrPEf-Z

Wiz Research has uncovered a critical Remote Code Execution (RCE) vulnerability, CVE-2025-49844 which we've dubbed #RediShell, in the widely used Redis in-memory data structure store. The vulnerability has been assigned a CVSS score of 10.0 - the highest possible severity. The vulnerability exploits a Use-After-Free (UAF) memory corruption bug that has existed for approximately 13 years in the Redis source code. This flaw allows a post auth attacker to send a specially crafted malicious Lua script (a feature supported by default in Redis) to escape from the Lua sandbox and achieve arbitrary native code execution on the Redis host. https://lnkd.in/dbQXPUee

🚨Critical Redis RCE, and how bifrost customers are already protected Redis is one of the world’s most widely deployed in-memory data stores, used everywhere from microservices caching layers to real-time analytics and AI workloads. Its speed, simplicity, and open-source nature have made it a cornerstone in cloud-native stacks across industries. Last week, Redis published a security advisory for CVE-2025-49844, a critical remote code execution vulnerability uncovered by Wiz. The flaw allows attackers to exploit specific misconfigurations in the Lua sandbox, enabling them to execute arbitrary commands under certain conditions. For unprotected Redis deployments, this could lead to data theft, privilege escalation, or full environment compromise. 🛡️At bifrost, Redis containers are safeguarded through tailored AppArmor allow-profiles that strictly confine each process to its intended behavior. Our runtime enforcement ensures that even if a vulnerability like CVE-2025-49844 is triggered, the exploited process cannot spawn shells, run arbitrary binaries, or touch anything outside Redis’ legitimate paths and syscalls.   Customers running Redis under bifrost can rest easy. They’re already shielded from the fallout of RCEs like this one. Our tailored profiles provide teams with the breathing room they need to patch Redis calmly and correctly, without rushing emergency redeployments or disrupting production. 🗣️ Want to see how we can help you limit your attack surface? Contact us here directly or use the link in the comments!

The Redis CVE that came up this week was pretty nasty. It's the first 10 I see in a long time 😵. 👉 https://lnkd.in/gddN_N5t If you haven’t patched your servers yet, please do it as soon as possible—especially if they’re exposed to the public internet. Now that we’ve weathered that storm, I wanted to share three reflections: 1️⃣ The Redis community is amazing. Vulnerabilities happen, that’s just a fact of software. What really matters is how teams respond. The Redis team and open source community were diligent, transparent, and released patches for multiple versions (not just the latest one). That takes real intention, hard work, and resources. Huge respect. 2️⃣ Customer obsession in action. We use Redis in the paid version of Okteto. Our team jumped into action immediately, spinning up a patched version and rolling out updates for all our customers in record time. We often talk about being “customer-centric,” but it’s something else entirely to see it happen in real time. 3️⃣ A real-world benefit of remote development environments. For customers using our BYOC product, we operate their development platform. Because dev environments run remotely (instead of on individual laptops), both we and our customers had instant visibility into their level of exposure and could remediate the vulnerability quickly. It’s a great example of the operational advantages of remote dev environments.

Wiz Research recently discovered a critical RCE vulnerability in Redis (CVE-2025-49844), rated with a CVSS score of 10.0. The flaw exploits a long‑standing issue in the Redis Lua scripting engine, potentially allowing attackers to escape the Lua sandbox and execute arbitrary code on the host machine. Dragonfly’s implementation uses a newer version of the Lua engine, which is a significant mitigating factor. Based on our current evidence, we have not identified any impact on Dragonfly instances. However, we are continuing our investigation to be absolutely certain. We are committed to providing a definitive conclusion and will update you immediately if anything changes. As always, we recommend keeping your deployments up to date and applying best practices (such as VPC peering) for securing your Dragonfly data stores. https://hubs.la/Q03MDkv-0

Critical Alert: Redis Remote Code Execution (CVE-2025-49844) - "RediShell" Original report - https://lnkd.in/gAq_cvze A 13-year-old Use-After-Free (UAF) memory corruption flaw allows escaping the Lua sandbox. Enables attackers to execute arbitrary native code on Redis hosts, leading to full system compromise. 1️⃣ Prerequisites for Attack Targetting Redis versions with Lua scripting enabled (default in many installations). Authenticated access to the Redis instance is required, yet many Redis setups lack strong authentication (approx. 60,000 publicly exposed instances have no password). Widespread cloud adoption with over 330,000 instances exposed, many deployed as containers without secure defaults. 2️⃣ Vulnerability Overview Attackers can steal credentials, deploy malware, and move laterally within cloud environments. 3️⃣ Mitigation & Remediation Steps ✅ Immediately upgrade Redis to patched versions - 7.22.2-12 and above, 7.8.6-207 and above, 7.4.6-272 and above, 7.2.4-138 and above, 6.4.2-131 and above ✅ Enable Redis authentication (requirepass directive). ✅ Disable or restrict Lua scripting for non-essential use with ACLs. ✅ Run Redis with minimal privileges (non-root user). ✅ Limit network access via firewalls, security groups, and VPC segmentation. ✅ Enable logging and monitoring for suspicious activity. ⚠️ The scale and severity demand urgent action from all organizations using Redis! #Cybersecurity #CloudSecurity #Redis #VulnerabilityManagement #IncidentResponse #InfoSec #DevSecOps