Hello! We have a pretty important story to cover — Redis, a popular database, has just reported a serious bug. This vulnerability has the potential to cause thousands of servers to be breached, so if you use Redis, you should pay attention.
• The bug occurs when a user runs a lua script inside of Redis. lua is Redis' built-in scripting language.
• Hackers can take advantage of the bug and conduct arbitrary code execution on your redis server.
• After the hacker has access, they could steal information, inject different forms of malware, or migrate to other systems.
• Security researchers have coined this vulnerability RediShell.
• Approximately 330,000 Redis servers are accessible through the internet.
• Of these servers, there are estimated to be around 60,000 that do not require a password.
• The Conditional Vulnerability, CVE 2025 49844, has been rated Critical by the National Vulnerability Database with a 10/10 severity that should not be taken lightly.
• The developers of Redis have already released patched versions.
• The message is clear, check your version **now** and upgrade/update to a patched version of redis.
2. If you are not able to upgrade straight away, disable Lua scripting.
3. Check to ensure that password authentication is enabled.
4. Configure Redis to run as a non-root user.
5. Limit network access to only trusted machines.
6. Monitor log files for anything unusual.
A combination of default settings, exposed Redis servers, and no password creates a larg security issue. I have seen teams with security issues simply because they left things to default, and this happens more than you realize.
• The exploitation of this vulnerability occurs through Lua scripting, which could give the attacker full control over your servers.
• Many online Redis servers are exposed, so you need to take immediate action.
• Updating, securing, and monitoring your servers should take place today.
You can thank me later — fixing this today could save you a massive headache tomorrow!
What is the bug?
• The bug is referred to as CVE 2025 49844.• The bug occurs when a user runs a lua script inside of Redis. lua is Redis' built-in scripting language.
• Hackers can take advantage of the bug and conduct arbitrary code execution on your redis server.
• After the hacker has access, they could steal information, inject different forms of malware, or migrate to other systems.
• Security researchers have coined this vulnerability RediShell.
How many servers are in danger?
• Redis is commonly utilized in cloud based deployments, caching, messaging, and databases.• Approximately 330,000 Redis servers are accessible through the internet.
• Of these servers, there are estimated to be around 60,000 that do not require a password.
• The Conditional Vulnerability, CVE 2025 49844, has been rated Critical by the National Vulnerability Database with a 10/10 severity that should not be taken lightly.
Which granularity of Redis is vulnerable? How do I fix it?
• Most versions of Redis that utilize lua scripting will be vulnerable to exploit.• The developers of Redis have already released patched versions.
• The message is clear, check your version **now** and upgrade/update to a patched version of redis.
Next Steps for You
1. Upgrade Redis to the patched version immediately.2. If you are not able to upgrade straight away, disable Lua scripting.
3. Check to ensure that password authentication is enabled.
4. Configure Redis to run as a non-root user.
5. Limit network access to only trusted machines.
6. Monitor log files for anything unusual.
Why This Needs Attention
Even mature, stable code can contain serious vulnerabilities. With Redis servers continuously being discovered and exposed online, it is concerning how quickly a potential hacker could exploit these vulnerabilities.A combination of default settings, exposed Redis servers, and no password creates a larg security issue. I have seen teams with security issues simply because they left things to default, and this happens more than you realize.
Final Comments
• There is a serious Redis vulnerability (CVE 2025 49844) that can be exploited by an attacker.• The exploitation of this vulnerability occurs through Lua scripting, which could give the attacker full control over your servers.
• Many online Redis servers are exposed, so you need to take immediate action.
• Updating, securing, and monitoring your servers should take place today.
You can thank me later — fixing this today could save you a massive headache tomorrow!
