Redis Vulnerability Exposes Hundreds of Thousands of Instances to Security Threats


By Tina Reynolds


Redis, the ubiquitous in-memory data structure store, has a major vulnerability. The flaw is not limited to the current version of the software, and it requires urgent correction. An estimated 330,000 Redis instances are exposed to the open internet, roughly 60,000 of them with no authentication configured whatsoever. The issue was fixed in a handful of patched versions released on October 3, 2025.

The flaw enables a local, authenticated user to execute arbitrary code on the system by submitting specially crafted Lua scripts, and it may allow remote code execution. Experts warn that in an attacker's hands it provides a path to complete compromise of the host system, and with that access they can control sensitive data and resources. Given the severity of the situation, security researchers are urging users to take strong, proactive security steps.

Understanding the Vulnerability

The recently disclosed Redis vulnerability presents a serious risk to organizations in every sector. With hundreds of thousands of identified exposures around the world, the risk is very high. Security firm Wiz stresses how damaging insecure default configurations become when combined with such widespread deployment of the software, so organizations must prioritize remediation as soon as possible.

“With hundreds of thousands of exposed instances worldwide, this vulnerability poses a significant threat to organizations across all industries,” – Wiz

Exploiting the flaw requires authenticated access to a Redis instance. An attacker with that access could submit a specially crafted Lua script that manipulates the garbage collector, and that manipulation can lead to remote code execution.

“An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free, and potentially lead to remote code execution,” – GitHub advisory

Recommended Security Measures

According to experts, users should take a number of precautionary measures to harden their Redis instances. One of the main recommendations is not to leave Redis instances exposed to the internet. Users should also enforce robust authentication so that only authorized people can connect.

Another is to block the EVAL and EVALSHA commands through an access control list (ACL). This goes a long way toward mitigating the risk posed by Lua script execution, and it serves as a useful stopgap against abuse while users update to the patched Redis versions.

“The combination of widespread deployment, default insecure configurations, and the severity of the vulnerability creates an urgent need for immediate remediation,” – Wiz

Moreover, only trusted identities should ever be permitted to execute potentially dangerous commands such as Lua scripts. This restriction helps prevent illicit tampering and protects private data from exposure.

Addressing the Issue

The severity of this vulnerability has not escaped the attention of the Redis development team, which has patched it in versions 6.2.20, 7.2.11, 7.4.6, 8.0.4, and 8.2.2. Users are encouraged to update to these patched versions as soon as possible to improve their security posture.
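As an added example (not code from the article, Wiz, or the Redis project), the following Python script audits a server against the two recommendations above: it parses `ACL LIST` output to find enabled users who can still reach EVAL or EVALSHA, and it compares the `redis_version` reported by `INFO server` with the patched releases listed in this article. The sample ACL lines and INFO text are constructed, the password hashes are placeholders, and the `@scripting` category and `nopass` flag are Redis's own ACL syntax.

```python
import re

# Patched releases named in the article; older builds in the same release line
# count as vulnerable, and release lines not listed here come back as "unknown".
PATCHED = {(6, 2): (6, 2, 20), (7, 2): (7, 2, 11), (7, 4): (7, 4, 6),
           (8, 0): (8, 0, 4), (8, 2): (8, 2, 2)}
SCRIPTING = ("eval", "evalsha")  # the commands the article says to block via ACL

def scripting_access(acl_line):
    """Parse one `ACL LIST` line into (user, enabled, nopass, allowed commands).
    Redis applies rule tokens left to right, so this walk mirrors that order."""
    tokens = acl_line.split()
    if len(tokens) < 2 or tokens[0] != "user":
        raise ValueError("not an ACL LIST line: %r" % acl_line)
    allowed = dict.fromkeys(SCRIPTING, False)
    enabled = nopass = False
    for tok in (t.lower() for t in tokens[2:]):
        if tok == "on":
            enabled = True
        elif tok == "nopass":
            nopass = True
        elif tok in ("+@all", "allcommands", "+@scripting"):
            allowed = dict.fromkeys(SCRIPTING, True)
        elif tok in ("-@all", "nocommands", "-@scripting"):
            allowed = dict.fromkeys(SCRIPTING, False)
        elif tok[0] in "+-" and tok[1:] in SCRIPTING:
            allowed[tok[1:]] = tok[0] == "+"   # per-command override, e.g. +evalsha
    return tokens[1], enabled, nopass, sorted(c for c in SCRIPTING if allowed[c])

def version_status(info_text):
    """Classify redis_version from `INFO server` output against PATCHED."""
    m = re.search(r"redis_version:(\d+)\.(\d+)\.(\d+)", info_text)
    ver = tuple(int(x) for x in m.groups()) if m else None
    fixed = PATCHED.get(ver[:2]) if ver else None
    return "unknown" if fixed is None else ("patched" if ver >= fixed else "vulnerable")

def audit(acl_lines, info_text):
    """Report enabled users who can still reach EVAL/EVALSHA, then patch status."""
    findings = []
    for line in acl_lines:
        user, enabled, nopass, cmds = scripting_access(line)
        if enabled and cmds:
            auth = "no password" if nopass else "password"
            findings.append("%s: %s allowed (%s)" % (user, ",".join(cmds), auth))
    return findings + ["server: " + version_status(info_text)]

SAMPLE_ACL = ["user default on nopass sanitize-payload ~* &* +@all",  # constructed
              "user app on #<sha256-hex> ~app:* &* -@all +@read +@write",
              "user admin on #<sha256-hex> ~* &* +@all -@scripting +evalsha"]
SAMPLE_INFO = "# Server\r\nredis_version:7.2.10\r\nredis_mode:standalone\r\n"  # constructed
```

Running `audit(SAMPLE_ACL, SAMPLE_INFO)` flags the password-less default user and the admin user's leftover `+evalsha`, and reports the 7.2.10 build as vulnerable; feed it live output from `redis-cli ACL LIST` and `redis-cli INFO server` to check a real instance.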