Redis Lua use-after-free remote code execution flaw (CVE-2025-49844)
Vulnerability
Summary
Redis CVE-2025-49844 is a maximum-severity flaw in the Lua scripting engine that can let authenticated attackers trigger remote code execution on vulnerable hosts. The issue is a 13-year-old use-after-free nicknamed RediShell, and Redis and Wiz disclosed it on October 3. Redis has released security updates, and the article says there is no evidence of exploitation in the wild yet. Exposure is highest on internet-facing Redis instances, including systems without authentication.
Timeline
- 06.10.2025 18:55 · 3 articles
Redis releases fixes for CVE-2025-49844
Mitigation Patch Update
Redis released security updates for CVE-2025-49844, a maximum-severity Lua use-after-free that can enable remote code execution on vulnerable Redis hosts. Operators were urged to patch internet-exposed instances immediately and harden deployments by enabling authentication, disabling Lua scripting and other unnecessary commands, running Redis as a non-root user, and limiting access with logging, monitoring, firewalls, and VPCs.
Sources:
- Redis warns of critical flaw impacting thousands of instances — www.bleepingcomputer.com — 06.10.2025 18:55
- Critical Flaw Exposes 60,000 Redis Servers to Remote Exploitation — www.infosecurity-magazine.com — 07.10.2025 18:00
- 06.10.2025 18:55 · 1 article
Redis and Wiz warn about RediShell exposure
Initial Disclosure
Redis warned about CVE-2025-49844 as a maximum-severity Lua use-after-free that can enable remote code execution, while Wiz identified the issue as RediShell and said it affects all Redis versions because the root cause lies in the underlying Lua interpreter. Wiz also said around 330,000 Redis instances were exposed online, including at least 60,000 that did not require authentication.
Sources:
- Redis warns of critical flaw impacting thousands of instances — www.bleepingcomputer.com — 06.10.2025 18:55
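
The hardening steps listed in the "Redis releases fixes for CVE-2025-49844" entry can be checked against a deployment's `redis.conf`. The following Python audit is an added example, not code from Redis, Wiz or the cited articles; the sample configs are constructed, and the ACL handling is an assumption-level simplification covering only on/off, password and command-category rules.

```python
import shlex

# Constructed sample configs (not from the page).
WEAK = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED = ("bind 127.0.0.1\nprotected-mode yes\nuser default off\n"
            "user app on >placeholder-password ~app:* +@all -@scripting\n")

def user_state(rules, is_default):
    """Apply ACL rules left to right; simplified to on/off, passwords, categories."""
    # Redis's built-in default user is on, nopass, +@all; new users start off.
    enabled, needs_pw, scripting = is_default, not is_default, is_default
    for r in rules:
        if r in ("on", "off"):
            enabled = r == "on"
        elif r == "nopass":
            needs_pw = False
        elif r.startswith((">", "#")):
            needs_pw = True
        elif r in ("+@all", "allcommands", "+@scripting"):
            scripting = True
        elif r in ("-@all", "nocommands", "-@scripting"):
            scripting = False
    return enabled, needs_pw, scripting

def audit(text):
    """Return sorted findings for the config-visible hardening steps."""
    users, findings, requirepass = {"default": []}, set(), False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = shlex.split(line)
        key = key.lower()
        if key == "user" and args:
            users.setdefault(args[0], []).extend(args[1:])
        elif key == "requirepass" and args and args[0]:
            requirepass = True  # requirepass sets the default user's password
        elif key == "bind" and any(a.lstrip("-") in ("0.0.0.0", "*", "::") for a in args):
            findings.add("listens on all interfaces")
        elif key == "protected-mode" and args == ["no"]:
            findings.add("protected mode disabled")
    for name, rules in users.items():
        enabled, needs_pw, scripting = user_state(rules, name == "default")
        if not enabled:
            continue
        if not needs_pw and not (name == "default" and requirepass):
            findings.add(f"user {name}: no password required")
        if scripting:
            findings.add(f"user {name}: Lua scripting allowed")
    return sorted(findings)
```

Running Redis as a non-root user and firewall or VPC restrictions are set outside `redis.conf`, so this audit does not cover them.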