Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-49844Use After Free in Redis

CWE-416Use After Free30 documents15 sources
Severity
9.9CRITICALNVD
OSV8.8
EPSS
14.2%
top 5.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
10
RedisLfprojects ValkeyDebian Redict+7 more
Timeline
PublishedOct 3
Latest updateApr 13

Description

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be d

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages14 packages

CVEListV5redis/redis< 8.2.2
NVDredis/redis7.07.2.11+4
debiandebian/redis< redict 7.3.6+ds-1 (forky)
Debianredis/redis< 5:6.0.16-1+deb11u8+3

Patches

Patch: github.com

🔴Vulnerability Details

3
OSV
valkey vulnerabilities2025-11-26
OSV
CVE-2025-49844: Redis is an open source, in-memory database that persists on disk2025-10-03
VulnCheck
redis redis Use After Free2025

💥Exploits & PoCs

1
Nuclei
Redis Lua Parser < 8.2.2 - Use After Free

📋Vendor Advisories

11
Ubuntu
Redis, Lua vulnerabilities2026-04-13
Palo Alto
PAN-SA-2026-0005 Informational Bulletin: OSS CVEs Fixed in PAN-OS2026-04-08
CISA ICS
Schneider Electric Plant iT/Brewmaxx2026-03-24
Oracle
Oracle Oracle Communications Risk Matrix: Infrastructure (valkey) — CVE-2025-498442026-01-15
Ubuntu
Valkey vulnerabilities2025-11-26

🕵️Threat Intelligence

14
Securelist
Vulnerability landscape in Q4 20252026-03-06
Securelist
Exploits and vulnerabilities in Q4 20252026-03-06
Wiz
Top Wiz Research Blogs: 2025 | Wiz Blog2026-01-30
Wiz
Top Wiz Research Blogs: 2025 | Wiz Blog2026-01-30
Wiz
Crying Out Cloud Monthly Newsletter - November | Wiz2025-11-19