
Redis has disclosed CVE-2025-49844, a critical remote code execution vulnerability known as RediShell, with a CVSS score of 10.0. The flaw has existed for over 13 years and could allow attackers to run arbitrary commands on vulnerable systems. Thousands of exposed Redis instances may be at risk. Continue reading this Cybersecurity Threat Advisory to learn what the vulnerability means for your systems and how to stay protected.
What is the threat?
This vulnerability allows attackers to remotely execute code on Redis servers. Redis is a widely used open-source in-memory database that supports caching, session management, analytics, and real-time applications. The issue lies in how Redis handles the MODULE LOAD command when the enable-module-command option is turned on.
This command is designed to let administrators load modules into Redis while it is running. However, if Redis is exposed to the internet without authentication, attackers can exploit this feature to load malicious modules. These modules can contain any code the attacker chooses, and Redis will execute it with the same permissions it has. In some cases, that could mean root access or another highly privileged account.
Why is it noteworthy?
This vulnerability stands out because it has been present in Redis for over a decade, leaving many deployments potentially exposed without knowing it. Redis is widely used in both cloud and on-premises environments, often supporting critical systems. Its broad adoption, combined with how easily it can be exploited in misconfigured setups, makes CVE-2025-49844 a high-priority issue that demands immediate attention.
What is the exposure or risk?
If exploited, RediShell could give attackers full control over the affected server. They could manipulate or delete data, disrupt application functionality, and use the compromised system to launch additional attacks.
In cloud environments, this could lead to large-scale data breaches, service outages, and major financial and operational consequences. Publicly exposed Redis instances are at the greatest risk, but even internal systems could be vulnerable if an attacker gains access to the network.
What are the recommendations?
Barracuda strongly recommends organizations take these additional steps to secure their Redis instances:
- Upgrade Redis immediately to the patched versions provided in the official advisory.
- Disable the enable-module-command setting unless necessary.
- Restrict network access to Redis instances by binding to localhost or using firewalls/VPC security groups.
- Enable authentication for all Redis deployments and use strong, unique credentials.
- Monitor for suspicious activity, including unexpected module loads or shell command execution attempts.
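
The configuration items in the list above can be checked directly against a redis.conf file. The script below is an added example, not code from Barracuda or the Redis project. The function names and both sample configurations are constructed for illustration, and it assumes authentication is set with requirepass rather than ACL users.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1"}

def parse_conf(text):
    """Parse redis.conf text: last value wins per directive, loadmodule accumulates."""
    settings, modules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = shlex.split(line)  # handles quoted values
        if name.lower() == "loadmodule":
            modules.append(args[0] if args else "")
        else:
            settings[name.lower()] = args
    return settings, modules

def audit(text):
    """Return (directive, message) findings for the advisory's configuration checks."""
    settings, modules = parse_conf(text)
    findings = []
    # An absent directive means the Redis default, "no".
    emc = (settings.get("enable-module-command") or ["no"])[0].lower()
    if emc != "no":
        findings.append(("enable-module-command", f"set to '{emc}', MODULE commands are accepted"))
    # With no bind directive Redis listens on every interface; a leading '-' marks an optional address.
    addrs = [a.lstrip("-") for a in settings.get("bind", [])]
    exposed = [a for a in addrs if a not in LOOPBACK]
    if not addrs or exposed:
        findings.append(("bind", f"non-loopback listeners: {exposed or ['all interfaces']}"))
    # Only requirepass is checked; ACL users defined elsewhere are out of scope here.
    if not "".join(settings.get("requirepass", [])):
        findings.append(("requirepass", "no password configured"))
    for path in modules:
        findings.append(("loadmodule", f"review module loaded at startup: {path}"))
    return findings

# Constructed sample configurations, not taken from any real deployment.
WEAK = """\
bind 0.0.0.0
enable-module-command yes
loadmodule /opt/example/placeholder.so
"""
HARDENED = """\
bind 127.0.0.1 -::1
requirepass "constructed-long-random-value"
enable-module-command no
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf) or "no findings")
```

The loadmodule findings are a review list rather than a verdict: each path should match a module the team deliberately installed.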
Resource
For more in-depth information about the threat, please visit the following link:
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.
This post originally appeared on Smarter MSP.