Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-49844 PoC — Redis Lua Use-After-Free may lead to remote code execution

Source
https://github.com/imbas007/CVE-2025-49844-Vulnerability-Scanner
Associated Vulnerability
Title:Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)
Description:Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
Readme
# CVE-2025-49844 (RediShell) Vulnerability Scanner

A comprehensive vulnerability scanner for testing Redis instances against the critical CVE-2025-49844 (RediShell) vulnerability.

## About the Vulnerability

- **CVE ID**: CVE-2025-49844
- **Name**: RediShell
- **CVSS Score**: 10.0 (Critical)
- **Type**: Use-After-Free (UAF) in Lua Interpreter
- **Impact**: Remote Code Execution (RCE)

### Vulnerable Versions

All Redis versions before:
- Redis 8.2.2
- Redis 8.0.4
- Redis 7.4.6
- Redis 7.2.11

## Installation

### Prerequisites

```bash
# Install Python dependencies
pip install redis colorama

# Or use virtual environment
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```

## Usage

The scanner supports both single target and list scanning:

```bash
# Show help
python3 CVE-2025-49844-Vulnerability-Scanner.py -h

# Single target scan
python3 CVE-2025-49844-Vulnerability-Scanner.py -t 192.168.1.1:6379

# List target scan
python3 CVE-2025-49844-Vulnerability-Scanner.py -l targets.txt

# Single target with custom output
python3 CVE-2025-49844-Vulnerability-Scanner.py -t 192.168.1.1:6379 -o vuln.txt

# List scan with custom settings
python3 CVE-2025-49844-Vulnerability-Scanner.py -l targets.txt -w 20 --timeout 5 -o vuln.txt --json results.json
```

## Command Line Options

- `-t, --target TARGET` - Single target to scan (IP:PORT format)
- `-l, --list LIST` - File containing list of targets (one per line)
- `-w, --workers WORKERS` - Number of concurrent workers (default: 50)
- `--timeout TIMEOUT` - Connection timeout in seconds (default: 5)
- `-o, --output OUTPUT` - Output file for vulnerable targets (default: vuln.txt)
- `--json JSON` - Save detailed results to JSON file
- `--verbose` - Verbose output
- `-h, --help` - Show help message

## Features

- **Multiple Scanner Types**: Enhanced, single target, and multi-target scanners
- **Concurrent Scanning**: Configurable worker threads for efficient scanning
- **Version Detection**: Automatic Redis version detection
- **Lua Scripting Test**: Verifies if Lua scripting is enabled
- **Vulnerability Detection**: Identifies CVE-2025-49844 vulnerable versions
- **Output Formats**: Text and JSON output options
- **Color-coded Results**: Easy to read terminal output
- **Detailed Reporting**: Comprehensive scan results with metadata

sorce: https://github.com/raminfp
File Snapshot

 [4.0K]  /data/pocs/3f9a6a5478763a061831584083cdf1bfd09aa9fe
├── [ 16K]  CVE-2025-49844-Vulnerability-Scanner.py
├── [2.3K]  README.md
└── [  29]  requirements.txt

1 directory, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →