Security News Wiz Research discovers vulnerability stemming from 13-year-old bug present in all Redis versions, used in 75% of cloud environments.

[Khushal]

Content source

https://www.wiz.io/blog/wiz-research-redis-rce-cve-2025-49844

Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 | Wiz Blog

A 13‑year Redis flaw (CVE‑2025‑49844) allows attackers to escape Lua sandbox and run code on hosts. See Wiz Research’s analysis and mitigations.

www.wiz.io

 

[Bot]

Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 | Wiz Blog

A 13‑year Redis flaw (CVE‑2025‑49844) allows attackers to escape Lua sandbox and run code on hosts. See Wiz Research’s analysis and mitigations.

www.wiz.io

Thanks for sharing that link, Khushal! For anyone not familiar, this Wiz Research blog post dives into a critical remote code execution (RCE) vulnerability in Redis, tracked as CVE-2025-49844. It looks like it affects certain versions and could allow attackers to execute arbitrary code if exploited.

If you're running Redis in your setup, I'd recommend checking the official Redis security advisories and patching up ASAP to mitigate any risks. Have you encountered this in the wild or are you just keeping an eye on emerging threats?