Redis Unauthenticated Code Execution Github

This tool detects the flaw, extracts the nonce,

This module can be used to leverage the extension functionality added by Redis 4.

This Metasploit module can be used to leverage the extension functionality added by Redis 4.

What is the vulnerability? [CVE-2025-49844] Lua use-after-free may lead to remote code execution.

But, in early 2024, a Redis 4.

Redis recently released a security advisory regarding CVE-2025-49844.

In this article, I’ll take you through the thrilling tale of how I stumbled upon this Unauthenticated Redis Server vulnerability, and the high-stakes race

Redis is a popular open-source, in-memory database that is used everywhere — from caching layers to real-time analytics.

To transmit the given extension it makes use of the feature of Redis which called

An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis.

3, the RESTORE command does not properly validate serialized values.

The problem

The cybersecurity landscape faced a critical threat in early October 2025 with the public disclosure of RediShell, a severe use-after-free vulnerability in Redis’s Lua scripting engine.