Critical Redis Security Vulnerability CVE-2025-49844 Allows Remote Code Execution
By khaled_ismaeel
Summary
Redis has identified and fixed a critical security vulnerability (CVE-2025-49844): a use-after-free that an authenticated user can trigger with a specially crafted Lua script. The vulnerability carries the maximum CVSS score of 10.0. By manipulating the garbage collector through such a script, an attacker can trigger the use-after-free and potentially achieve remote code execution on the affected Redis instance. The advisory provides information about affected versions and remediation steps.
Key quotes
[CVE-2025-49844] Lua use-after-free may lead to remote code execution. CVSS Score: 10.0 (Critical)
An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution.
As part of an ongoing effort by Redis and the Redis community to maintain Redis' safety, security, and compliance posture, a security vulnerability in Redis has been identified and remediated.
