
Understanding CVE-2025-49844: "RediShell" Critical Remote Code Execution in Redis

Blog post from Sysdig

Post Details
Author: Sysdig Threat Research Team
Word Count: 638
Language: English
Summary

CVE-2025-49844, also known as "RediShell," is a critical remote code execution vulnerability in Redis, the open-source in-memory data store; the flaw has been present in the code for about 13 years. It carries a CVSS score of 10.0 and is caused by a use-after-free memory corruption bug that allows an authenticated user to execute arbitrary code via a crafted Lua script. Redis deployments, which often lack authentication by default, are vulnerable unless patched to version 8.2.2 or later for Redis OSS/CE/Stack, or 7.22.2-12 or later for Redis Software (Enterprise). The flaw was revealed by security researchers at Wiz and reported through Pwn2Own Berlin, leading Redis to publish patches on October 3, 2025. Although no exploit code is publicly available, proof-of-concept tools are in development. Detection can be aided by Sysdig Secure's RediShell Detection, and mitigation includes upgrading Redis, restricting network access, enforcing strong authentication, and disabling Lua scripting if it is not needed.
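The configuration-side mitigations listed above (network exposure, authentication, Lua scripting) can be checked against a redis.conf file. The following is an added example, not code from the Sysdig post: the function names and sample configurations are constructed, and it assumes scripting is disabled through the ACL category `-@scripting`.

```python
import shlex

ALL_INTERFACES = {"0.0.0.0", "*", "::", "::*"}
SCRIPT_ON = {"+@all", "allcommands", "+@scripting", "+eval", "+evalsha", "+function", "+fcall"}
SCRIPT_OFF = {"-@all", "nocommands", "-@scripting"}

def parse_conf(text):
    """Return {directive: [argument lists]}; whole-line # comments are skipped."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            parts = shlex.split(line)
            conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf

def scripting_allowed(rules):
    """ACL rules apply left to right; a user defined in the file starts with no commands."""
    allowed = False
    for rule in rules:
        if rule.lower() in SCRIPT_ON | SCRIPT_OFF:
            allowed = rule.lower() in SCRIPT_ON
    return allowed

def audit(text):
    """Return findings for the network, authentication and Lua-scripting mitigations."""
    conf, findings = parse_conf(text), []
    binds = {a.lstrip("-") for args in conf.get("bind", []) for a in args}
    if not binds or binds & ALL_INTERFACES:  # no bind directive means every interface
        findings.append("network: listening on all interfaces")
    if ["no"] in conf.get("protected-mode", []):
        findings.append("network: protected-mode is off")
    users = {a[0]: a[1:] for a in conf.get("user", []) if a}
    requirepass = any(a and a[0] for a in conf.get("requirepass", []))
    default = users.get("default")
    if (default is None and not requirepass) or (default and "nopass" in default):
        findings.append("auth: default user needs no password")
    users.setdefault("default", ["on", "+@all"])  # implicit default user: all commands
    for name, rules in users.items():
        if "on" in rules and scripting_allowed(rules):
            findings.append(f"lua: user '{name}' may run scripts")
    return findings

# Constructed sample configurations (assumptions, not taken from the post).
WEAK = "bind 0.0.0.0\nprotected-mode no\n"
HARDENED = ("bind 127.0.0.1 -::1\nprotected-mode yes\nuser default off\n"
            "user app on >constructed-sample-secret ~app:* +@all -@scripting\n")
if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(text) or "no findings")
```

The audit reads only the configuration file, so ACL changes made at runtime and the installed Redis version still need to be checked separately.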