Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation

This exposes the servers to exploitation of the newly discovered CVE-2025-49844 (CVSS score of 10/10), named RediShell, a use-after-free issue that may allow authenticated attackers to execute arbitrary code remotely.

Underlining that roughly 75% of cloud environments rely on Redis, Wiz explains that an attacker could fully compromise a system by sending a malicious Lua script to trigger the bug and escape the Lua sandbox to achieve code execution.

The script would also deploy a reverse shell to establish persistent access, allowing attackers to harvest credentials and other sensitive information, exfiltrate data, install malware, move laterally using the stolen sensitive data, and escalate their privileges.

“More Redis instances are exposed to internal networks where authentication may not be prioritized, allowing any host in the local network to connect to the database server. An attacker with a foothold in the cloud environment could gain access to sensitive data and exploit the vulnerability to run arbitrary code for lateral movement into sensitive networks,” Wiz notes.

To read the complete article, see: SecurityWeek

This post is licensed under CC BY 4.0 by the author.