RediShell RCE (CVE-2025-49844) - 8,000 Redis Instances Exposed
Category: Vulnerabilities / Exploitation
The RediShell RCE flaw (CVE-2025-49844) in Redis’s Lua scripting engine enables host-level remote code execution. Criminal IP researchers identified 8,500 exposed instances globally, with over 50% in the U.S., France, and Germany. Attackers can exploit the vulnerability by sending malicious Lua scripts to achieve arbitrary code execution.
CORTEX Protocol Intelligence Assessment
Business Impact: Critical exposure of Redis servers can lead to full system compromise and credential theft. Organizations using Redis without authentication face immediate exploitation risk.

Technical Context: CVE-2025-49844 stems from a use-after-free in the Lua sandbox, allowing attackers to escape and execute native code.
Strategic Intelligence Guidance
- Upgrade to a patched Redis version immediately.
- Restrict public access to port 6379 and enable AUTH/ACL authentication.
- Disable EVAL and EVALSHA commands if unused.
- Continuously monitor Redis instances using ASM or CTI tools.
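
The exposure, authentication and EVAL/EVALSHA items above can be checked against a `redis.conf` before it ships. The following is an added example, not code from the source article or the Redis project: the sample configs and finding names are constructed, and it inspects only the `bind`, `requirepass`, `user` and `rename-command` directives.

```python
import shlex

# Constructed sample redis.conf contents, not taken from any real host.
WEAK = "port 6379\nbind 0.0.0.0\nprotected-mode no\n"
HARDENED = ("port 6379\nbind 127.0.0.1 -::1\nprotected-mode yes\n"
            "user default off\n"
            "user app on >constructed-sample-secret ~app:* +@all -@scripting\n")
SCRIPT = {"eval", "evalsha"}

def parse(text):
    """Yield (directive, args) pairs from redis.conf text, skipping comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line)
            yield parts[0].lower(), parts[1:]

def script_cmds(rules):
    """Apply ACL rules left to right; return which of EVAL/EVALSHA stay allowed."""
    allowed = set()
    for r in rules:
        if r in ("+@all", "allcommands", "+@scripting"):
            allowed |= SCRIPT
        elif r in ("-@all", "nocommands", "-@scripting"):
            allowed -= SCRIPT
        elif r[:1] in ("+", "-") and r[1:] in SCRIPT:
            (allowed.add if r[0] == "+" else allowed.discard)(r[1:])
    return allowed

def audit(text):
    """Return sorted findings for the bind, authentication and scripting guidance."""
    conf = list(parse(text))
    binds = [a for d, args in conf if d == "bind" for a in args]
    users = {a[0]: [r.lower() for r in a[1:]] for d, a in conf if d == "user" and a}
    has_pass = any(d == "requirepass" and a and a[0] for d, a in conf)
    renamed = {a[0].lower() for d, a in conf if d == "rename-command" and a[1:] == [""]}
    # With no "user default" line, Redis keeps its built-in default user (all commands).
    users.setdefault("default", ["on", "+@all"] + ([] if has_pass else ["nopass"]))
    findings = set()
    if not binds or any(b.lstrip("-") in ("0.0.0.0", "*", "::", "::*") for b in binds):
        findings.add("binds-all-interfaces")
    for name, rules in users.items():
        if "off" in rules:
            continue  # disabled accounts cannot authenticate
        if "nopass" in rules:
            findings.add(f"no-password:{name}")
        if script_cmds(rules) - renamed:
            findings.add(f"scripting-allowed:{name}")
    return sorted(findings)
```

A config that sets a password but disables only `EVAL` is still reported, because `EVALSHA` remains callable.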
Intelligence Source: RediShell RCE Alert: Over 8,000 Redis Instances - Immediate Update Recommended | CIP Blog | Oct 30, 2025