Week 41 – RediShell: The 13-Year-Old Redis Bug That Came Back to Byte

06 – 12 Oct 2025
A critical use-after-free vulnerability has surfaced in Redis — lurking in the codebase for over a decade. Dubbed RediShell, this CVSS 10.0 flaw lets attackers craft malicious Lua scripts to hijack memory and potentially execute remote code, reminding us that even the most trusted open-source tools can carry long-buried risks.
This week’s CVE of the Week is a use-after-free memory corruption bug that has been present in the Redis source code for approximately 13 years.
It allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger the use-after-free condition, and potentially achieve remote code execution. By default, Redis does not come with authentication enabled, and as a result, many developers do not enable authentication in their deployments.
The vulnerability has been assigned a CVSS score of 10.0 – the highest possible severity (note that we have seen this listed as a 9.9 in some places, depending on the source).
This vulnerability was discovered by security researchers at Wiz and reported through Pwn2Own Berlin in May 2025, and it has been dubbed “RediShell.” Redis published patches on October 3, 2025.
At the time of this publication, no exploit code is publicly available. However, proof-of-concept tools are making progress towards successful execution.
Redis Cloud customers were automatically patched and do not require action.
There are several steps you can take to protect your Redis from being accessed by a malicious actor. To minimize the risk of exploitation, it’s important to follow these best practices:
- Restrict network access: Ensure that only authorized users and systems have access to the Redis database. Use firewalls and network policies to limit access to trusted sources and prevent unauthorized connectivity.
- Enforce strong authentication: Enforce the use of credentials for all access to Redis instances. Avoid configurations that allow unauthenticated access, and ensure protected-mode is enabled (in CE and OSS) to prevent accidental exposure.
- Limit permissions: Ensure that user identities with access to Redis are granted the minimum permissions necessary. Only allow trusted identities to run Lua scripts or any other potentially risky commands.
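As an added illustration (not from the advisory or the Redis project), the following Python script checks a redis.conf offline for the four conditions these recommendations target and places a hardened configuration beside a weak one; the sample configs are constructed, the REPLACE_WITH_* values are placeholders, and the ACL evaluation is a simplified approximation of Redis's own rule handling.

```python
"""Offline audit of a redis.conf for the exposure conditions the RediShell advisory
names: open bind, protected-mode off, unauthenticated default user, Lua-capable users."""
SCRIPT_CMDS = {"eval", "evalsha", "eval_ro", "evalsha_ro", "fcall", "fcall_ro", "function", "script"}
WILDCARD_BINDS = {"0.0.0.0", "*", "::", "-::*"}  # bind values that expose every interface
# Constructed samples (not from the advisory); REPLACE_WITH_* are placeholders, not secrets.
WEAK_CONF = "protected-mode no\nport 6379\n"  # no bind, no requirepass: exposed and unauthenticated
HARDENED_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
requirepass REPLACE_WITH_STRONG_SECRET
user default off
user app on >REPLACE_WITH_APP_SECRET ~app:* +@read +@write -@scripting
"""

def parse_conf(text):
    conf, users = {}, {}  # {directive: [values]}, {username: [acl tokens]}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "user":
            name, *rules = value.split()
            users.setdefault(name, []).extend(rules)
        else:
            conf.setdefault(key.lower(), []).append(value.strip())
    users.setdefault("default", ["on", "+@all"])  # implicit default user: enabled, all commands
    return conf, users

def user_can_script(rules):
    allowed = False  # approximate Redis ACL semantics: rules apply left to right, later ones win
    for t in (r.lower() for r in rules):
        if t in ("allcommands", "+@all", "+@scripting") or (t[:1] == "+" and t[1:] in SCRIPT_CMDS):
            allowed = True
        elif t in ("nocommands", "-@all", "-@scripting") or (t[:1] == "-" and t[1:] in SCRIPT_CMDS):
            allowed = False
    return allowed

def audit(conf_text):
    conf, users = parse_conf(conf_text)  # returns a list of findings; empty means all checks pass
    d = users["default"]
    binds = " ".join(conf.get("bind", [])).split()
    has_pw = "requirepass" in conf or any(t[:1] in ">#" for t in d)  # >cleartext or #sha256 token
    checks = [
        (not binds or WILDCARD_BINDS & set(binds), "network: reachable on all interfaces; restrict bind"),
        (conf.get("protected-mode", ["yes"])[-1].lower() != "yes", "auth: protected-mode disabled"),
        ("off" not in d and ("nopass" in d or not has_pw), "auth: default user accepts unauthenticated clients"),
    ]
    checks += [("off" not in r and user_can_script(r), f"acl: user '{n}' may run Lua scripts") for n, r in users.items()]
    return [msg for bad, msg in checks if bad]
```

Running `audit(WEAK_CONF)` reports all four findings, while `audit(HARDENED_CONF)` returns an empty list; point `audit` at the contents of a real redis.conf to review your own deployment.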
Find further details about the issue under the links below:
https://redis.io/blog/security-advisory-cve-2025-49844/
https://www.sysdig.com/blog/cve-2025-49844-redishell

White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.