Researchers Uncover 13-Yr-Old Redis Flaw Impacting 330,000 Instances


Researchers have uncovered a 13-year-old critical remote-code-execution flaw in Redis that let attackers escape the product’s Lua sandbox and execute native code on the host, creating a straight line from a malicious script to complete system compromise.

The bug, tracked as CVE-2025-49844 and nicknamed RediShell, carried a top severity score — 10.0 on the CVSS scale — and affected every Redis release the researchers tested.

The vulnerability originated in a use-after-free defect that had lived in Redis source for roughly 13 years, researchers at Wiz said.

An attacker able to send commands to the server, which on an unauthenticated instance means anyone who can reach the port, could submit a Lua script through EVAL, a capability Redis enables by default, trigger the use-after-free, break out of the embedded Lua interpreter and run arbitrary native code on the host. From there the attacker could steal credentials, deploy malware or pivot to other cloud services using stolen IAM tokens.

Wiz quantified the exposure for cloud operators. The researchers found roughly 330,000 Redis instances exposed to the internet, about 60,000 of them with no authentication enabled, and a majority of cloud environments running Redis from container images that had not been hardened. Those defaults, combined with the ubiquity of Redis for caching and session storage, mean defenders face a large and rapidly escalating attack surface.

The attack flow mapped by the researchers follows a familiar but dangerous pattern: send a crafted Lua payload, exploit the use-after-free to escape the sandbox, establish a reverse shell, then harvest SSH keys, IAM tokens and certificates before moving laterally.

The post-exploitation phase could include installing cryptominers, exfiltrating sensitive keys or encrypting data for extortion. Because many default installs require no authentication at all, defenders cannot rely on account controls to blunt initial access on those hosts; where a password or ACLs are configured, the attacker first needs credentials for a user that is allowed to run EVAL, so authentication narrows the exposure but does not remove the bug.

Redis developers moved quickly after responsible disclosure. The Redis project published a security advisory and released patched builds on Oct. 3; Wiz credited the Redis team for collaborating during the disclosure. Still, the researchers urged organizations to treat any internet-facing Redis instance, and the many internal unauthenticated ones, as a patching priority given the exploitability and reach.


Mitigations follow three practical threads. First, upgrade Redis to the vendor's patched version immediately and prioritize internet-facing hosts. Second, harden configurations: enable authentication, remove or restrict Lua scripting where operations do not need it (Redis ACLs can deny the @scripting command category, which covers EVAL, EVALSHA and related commands, per user), run Redis under a non-root account and lock down container images. Third, apply network controls and monitoring: place Redis behind firewalls or in private VPCs, log and alert on unusual Lua execution, and hunt for newly written binaries or reverse-shell indicators on hosts that run Redis.
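The first two threads above can be checked offline from artefacts an operator already has: the output of `redis-cli INFO server` and the active redis.conf. The script below is an added example for this page, not code from Wiz or the Redis project. It flags an unpatched version, a bind on all interfaces, protected-mode turned off, missing authentication and ACL users still allowed to run Lua, and prints a hardened ACL pair. The fixed-version table is the editor's reading of the Redis advisory at the time of writing and must be confirmed against the current advisory; the INFO and redis.conf samples are constructed, not captured from a real host.

```python
"""Posture triage for Redis hosts against CVE-2025-49844 (RediShell).

Added example, not code from Wiz or the Redis project. Works offline on the
text of `redis-cli INFO server` and the active redis.conf.
"""
import re

# Minimum fixed versions per release line as the editor reads the Redis
# advisory for CVE-2025-49844. ASSUMPTION: confirm against the current
# advisory before relying on them; lines not listed are treated as unpatched.
FIXED_VERSIONS = {
    (8, 2): (8, 2, 2),
    (8, 0): (8, 0, 4),
    (7, 4): (7, 4, 6),
    (7, 2): (7, 2, 11),
    (6, 2): (6, 2, 20),
}


def parse_version(info_text):
    """Extract (major, minor, patch) from `INFO server` output."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_text, re.M)
    if not m:
        raise ValueError("redis_version not found in INFO output")
    return tuple(int(x) for x in m.groups())


def is_patched(version):
    """True only if the version is at or above the fix for its release line."""
    fixed = FIXED_VERSIONS.get(version[:2])
    return fixed is not None and version >= fixed


def parse_conf(conf_text):
    """Map each active directive to the list of its value lists (later wins)."""
    settings = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *values = line.split()
        settings.setdefault(name.lower(), []).append(values)
    return settings


def audit(info_text, conf_text):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    version = parse_version(info_text)
    if not is_patched(version):
        findings.append("version %d.%d.%d predates the RediShell fix; upgrade" % version)

    conf = parse_conf(conf_text)
    binds = conf.get("bind", [[]])[-1]          # no bind directive = all interfaces
    if not binds or any(b in ("0.0.0.0", "*", "::") for b in binds):
        findings.append("bind listens on all interfaces; restrict to loopback or a private address")
    if conf.get("protected-mode", [["yes"]])[-1][:1] == ["no"]:
        findings.append("protected-mode is off")

    users = [u for u in conf.get("user", []) if u]
    if "requirepass" not in conf and "aclfile" not in conf and not users:
        findings.append("no authentication configured (no requirepass, aclfile or user directives)")
    if not users and "aclfile" not in conf:
        findings.append("default user keeps full command access including EVAL/EVALSHA")
    for name, *rules in users:
        if "nopass" in rules and "off" not in rules:
            findings.append(f"user {name} accepts connections without a password")
        if ("+@all" in rules or "allcommands" in rules) and "-@scripting" not in rules:
            findings.append(f"user {name} may run EVAL/EVALSHA/FCALL; add -@scripting if unused")
    return findings


def recommended_acl(app_user, password):
    """Hardened ACL pair: disable the default user, give the application user
    every command except the scripting category. Replace the password."""
    return [
        "user default off",
        f"user {app_user} on >{password} ~* &* +@all -@scripting",
    ]


# --- constructed sample inputs (not captured from a real host) -------------
WEAK_INFO = "# Server\r\nredis_version:7.2.4\r\nredis_mode:standalone\r\n"
WEAK_CONF = """
bind 0.0.0.0
protected-mode no
port 6379
"""
PATCHED_INFO = "# Server\r\nredis_version:7.2.11\r\n"
HARDENED_CONF = """
bind 127.0.0.1 -::1
protected-mode yes
port 6379
user default off
user app on >change-me ~* &* +@all -@scripting
"""

if __name__ == "__main__":
    for label, info, conf in (("weak", WEAK_INFO, WEAK_CONF),
                              ("hardened", PATCHED_INFO, HARDENED_CONF)):
        print(f"[{label}]")
        for finding in audit(info, conf) or ["no findings"]:
            print("  -", finding)
    print("\n".join(recommended_acl("app", "change-me")))
```

Run it against each host's real `INFO server` output and redis.conf; a non-empty finding list is the patching and hardening backlog for that host. The ACL pair is the minimal change for an application that never calls EVAL; services that do need scripting keep `@scripting` but should still get a dedicated user and password rather than the default user. On Redis releases that predate ACLs, `rename-command EVAL ""` was the usual way to disable scripting.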

The discovery also raised broader supply-chain and cloud governance questions. Wiz argued the root cause traced to an aging code path in a dependency that many cloud services implicitly trust; in practice that made Redis a risk multiplier across modern infrastructure. The research reinforced a recurring theme. Infrastructure components that handle high-value data and run with broad privileges represent attractive, high-impact targets for attackers.

For CISOs and security operations teams, the immediate calculus hinges on exposure and posture. Teams that run Redis from default container images without ACLs, or that put instances on public subnets, face the shortest window for action.

Those with Redis isolated in private networks behind strict firewall and network policy controls can buy time to stage careful patching and verification. The researchers also recommended rotating any credentials or tokens that Redis instances might have stored or exposed prior to patching.

Wiz researchers said they would publish deeper technical analysis later and intentionally withheld exploit specifics to give defenders time to act. Meanwhile, the company invited organizations to use its threat-center queries to inventory and triage Redis instances. The discovery reminded cloud operators that decades-old code paths can still yield modern, high-severity breakouts — and that rapid, deterministic patching remains a first-line defense.




About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.