PT-2025-40594 · Redis+10

Benny Isaacs +4 · Published 2025-01-24 · Updated 2026-04-19 · CVE-2025-49844

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Redis versions 5.7.0 through 5.8.0
Redict versions 7.3.2+ds-1ubuntu0.1
Valkey versions prior to 8.1.1+dfsg1-3+deb13u1
Description
Redis and Redict are vulnerable to a Lua scripting interface issue that could allow an authenticated attacker to trigger a use-after-free condition, potentially leading to remote code execution. Valkey is vulnerable to multiple security issues in its Lua scripting interface that could result in arbitrary code execution or denial of service.
Recommendations
Upgrade Redis to version 5.7.0.15-1~deb12u6 for bookworm or 5.8.0.2-3+deb13u1 for trixie. Upgrade Redict to version 7.3.2+ds-1ubuntu0.1. Upgrade Valkey to version 8.1.1+dfsg1-3+deb13u1.

Exploit · Fix · RCE · Use After Free

Related Identifiers

ALSA-2025:19237
ALSA-2025:19238
ALSA-2025:19345
ALSA-2025:19675
ALSA-2025:20926
ALSA-2025:20955
ALSA-2025:21916
ALSA-2025:21936
ALSA-2025_16880
ALSA-2025_19237
ALSA-2025_19238
ALSA-2025_19345
ALSA-2025_20926
ALSA-2025_20955
ALSA-2025_21916
ALT-PU-2025-12931
ALT-PU-2025-12954
ALT-PU-2025-13204
ALT-PU-2025-1851
AZL-68226
AZL-68352
AZL-68363
AZL-68426
BDU:2025-12553
BIT-KEYDB-2025-49844
BIT-REDIS-2025-49844
BIT-VALKEY-2025-49844
CESA-2025_19238
CLEANSTART-2026-AF35851
CLEANSTART-2026-AV02020
CLEANSTART-2026-BX37171
CLEANSTART-2026-DI78859
CLEANSTART-2026-DL37890
CLEANSTART-2026-EL98096
CLEANSTART-2026-GJ95666
CLEANSTART-2026-IR62391
CLEANSTART-2026-JR53141
CLEANSTART-2026-LU31244
CLEANSTART-2026-MZ27698
CLEANSTART-2026-PR27884
CLEANSTART-2026-QK48981
CLEANSTART-2026-QX99194
CLEANSTART-2026-RA63757
CLEANSTART-2026-WI17406
CLEANSTART-2026-XH31600
CLEANSTART-2026-YM75307
CVE-2025-49844
DLA-4325-1
DSA-6020-1
DSA-6022-1
GHSA-4789-QFC9-5F9Q
INFSA-2025_19237
INFSA-2025_19238
INFSA-2025_19345
INFSA-2025_20926
INFSA-2025_20955
INFSA-2025_21916
MGASA-2025-0307
OESA-2025-2389
OESA-2025-2390
OESA-2025-2450
OESA-2025-2451
OESA-2025-2452
OESA-2025-2453
OESA-2026-1063
OPENSUSE-SU-2025:15600-1
OPENSUSE-SU-2025:15604-1
OPENSUSE-SU-2025:20121-1
OPENSUSE-SU-2026:20003-1
RHSA-2025:19237
RHSA-2025:19238
RHSA-2025:19239
RHSA-2025:19318
RHSA-2025:19345
RHSA-2025:19399
RHSA-2025:19675
RHSA-2025:20926
RHSA-2025:20955
RHSA-2025_19237
RHSA-2025_19238
RHSA-2025_19345
RHSA-2025_20926
RHSA-2025_20955
RHSA-2025_21916
SUSE-SU-2025:03499-1
SUSE-SU-2025:03500-1
SUSE-SU-2025:03501-1
SUSE-SU-2025:03502-1
SUSE-SU-2025:03505-1
SUSE-SU-2025:03506-1
SUSE-SU-2025:03507-1
SUSE-SU-2026:20022-1
USN-7824-1
USN-7824-2
USN-7824-3
USN-7893-1
USN-8169-1
ZDI-25-933

Affected Products

ALT Linux
AlmaLinux
CentOS
Debian
Linux Mint
Red Hat
RED OS
Redis
Rocky Linux
SUSE
Ubuntu