## https://sploitus.com/exploit?id=A00BEB3A-2B54-5408-BB08-81AEC1E57255
# CVE-2025-49844 - Redis Lua Interpreter Exploit



A powerful Redis exploitation tool that leverages CVE-2025-49844 vulnerability to bypass all security protections and gain unauthorized access to Redis servers.
## Features
- Bypass all security mechanisms (ASLR, DEP, StackGuard, NXBit, PIE)
- Exploit Use-After-Free vulnerability in Redis Lua interpreter
- Execute arbitrary shellcode on target systems
- Establish persistent backdoor access
- Stealth operation with minimal detection footprint
## Requirements
- Python 3.6+
- Redis server with vulnerable version
- Required Python packages:
```
pip install redis colorama
```
## Installation
```bash
git clone https://github.com/Yuri08loveElaina/CVE-2025-49844.git
cd CVE-2025-49844
pip install -r requirements.txt
chmod +x redis_exploit.py
```
## Usage
```bash
./redis_exploit.py -H -p [-a ] [-m ]
```
### Options
- `-H, --host`: Target Redis host (default: localhost)
- `-p, --port`: Target Redis port (default: 6379)
- `-a, --auth`: Redis password (if required)
- `-m, --mode`: Exploit mode (default: all)
- `check`: Check if target is vulnerable
- `bypass`: Bypass security protections
- `uaf`: Trigger UAF vulnerability
- `shellcode`: Execute shellcode
- `persist`: Establish persistence
- `all`: Run all exploits sequentially
### Examples
```bash
# Basic exploitation
./redis_exploit.py -H 192.168.1.100
# With authentication
./redis_exploit.py -H 192.168.1.100 -p 6380 -a mypassword
# Run specific exploit only
./redis_exploit.py -H 192.168.1.100 -m shellcode
```
## Vulnerable Versions
- Redis 7.2.x before 7.2.11
- Redis 7.4.x before 7.4.6
- Redis 8.0.x before 8.0.4
- Redis 8.2.x before 8.2.2
## Detection
This tool is designed to be stealthy and avoid detection. However, some indicators may include:
- Unusual Lua script execution patterns
- Memory allocation anomalies
- Unexpected garbage collection cycles
## Disclaimer
This tool is for educational and authorized testing purposes only. The authors are not responsible for any misuse or damage caused by this tool. Use only on systems you own or have explicit permission to test.
## License
This project is licensed under the MIT License - see the LICENSE file for details.