漏洞描述
该漏洞该漏洞存在于Redis的Lua脚本执行模块中,拥有低权限及以上用户权限的攻击者可通过构造特殊的Lua脚本,操控垃圾回收机制,触发释放后重用(Use-After-Free)漏洞,从而可能导致远程代码执行。
Redis 存在远程代码执行漏洞(CVE-2025-49844)
PoC代码
暂无相关漏洞推荐
- 无POCRedis Lua 脚本 代码执行漏洞(CVE-2025-49844)
- POCredis-detect: Redis Service - Detect
- POCredis-unauthorized: Redis Unauthorized
- POCCVE-2022-0543: Redis Sandbox Escape - Remote Code Execution
- POCec2-unrestricted-redis: Unrestricted Redis Access
- POCcache-redis-encryption-disabled: ElastiCache Redis In-Transit and At-Rest Encryption - Disabled
- POCcache-redis-multiaz-disabled: ElastiCache Redis Multi-AZ - Disabled
- POCazure-redis-nonssl-port-disabled: Azure Redis Cache In-Transit Encryption Not Enabled
- POCazure-redis-tls-version-outdated: Azure Redis Cache TLS Version Not Latest
- POCredis-config: Redis Configuration File - Detect
- POCredis-exception-error: Redis Exception Connection Error Page
- POCflask-redis-docker: Flask Redis Queue Docker - Exposure
- POCunauth-redis-insight: RedisInsight - Unauthenticated Access