POC详情: b83c72f059b35d6780cc61c3b33b298061e90f00

来源
关联漏洞
标题: Redis 安全漏洞 (CVE-2025-32023)
描述:Redis是美国Redis公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值(Key-Value)存储数据库,并提供多种语言的API。 Redis存在安全漏洞,该漏洞源于超日志操作可能导致堆栈或堆越界写入,可能导致远程代码执行。以下版本受到影响:2.8版本至8.0.3版本、7.4.5版本、7.2.10版本和6.2.19之前版本。
描述
CVE-2025-32023
介绍
# CVE-2025-32023 - Redis Remote Code Execution (RCE) 🚨

## 🧠 Overview:

A **critical RCE vulnerability** affecting Redis (< 7.2.4), where attackers can **load malicious modules** using the `MODULE LOAD` command.

## 🕳️ Vulnerability Type:

Remote Code Execution (RCE)

## 💥 **Impact:**

An **unauthenticated attacker** can execute arbitrary code and gain full control of the Redis server.

## 🔓 **Requirements for Exploitation:**

* Redis is **exposed to the internet** 🌍
* No **authentication** is set (no `requirepass` or ACLs) ❌
* Attacker has **write access** to Redis 📝

## 🛠️ **Attack Steps:**

1. Upload malicious `.so` (shared object) file to the Redis server.
2. Use the `MODULE LOAD` command to load the module.
3. Achieve **remote code execution** 💣

## 🧪 **Tested On:**
Redis 7.2.3 and below

## 🚫 **Not Affected:**
Redis **7.2.4 and above**

## 🛡️ Mitigation Steps:

* ✅ Upgrade to **Redis 7.2.4+**
* 🔐 Use **ACLs** or set a strong `requirepass`
* 🧱 Block external access via **firewall**
* 📛 Disable `MODULE LOAD` if not needed

## ⚠️ Security Tip:

Never expose Redis directly to the internet without proper authentication, ACLs, and network restrictions. Redis is **meant to be internal**.

🧩 **CVSS Score:** 9.8 (Critical)

🧬 **Discovered By:** Security researchers in early 2025.

---

文件快照

[4.0K] /data/pocs/b83c72f059b35d6780cc61c3b33b298061e90f00 ├── [ 561] CVE-2025-32023.py ├── [1.3K] README.md └── [4.9K] solver-CVE-2025-32023.py 0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。