HOMEVULNERABILITIESCVE-2025-49844
UNKNOWNCISA KEVIN THE WILD

CVE-2025-49844

Published: April 11, 2026

Official Description

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.

NVD Source

Technical Analysis

CVE-2025-49844 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

CISA has added CVE-2025-49844 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. U.S. federal agencies are required to patch this within the mandated timeframe, and all organizations should treat remediation as urgent.

Exploit & PoC Resources

ACTIVE EXPLOITATIONConfirmed exploitation in the wild
External links open in a new tab. Always verify in a controlled environment before use.

News & Research Mentioning CVE-2025-49844

Schneider Electric Plant iT/Brewmaxx
CISA Alerts· Mar 24, 2026

View CSAF Summary Successful exploitation of these vulnerabilities could risk privilege escalation, which could result in remote code execution. The following versions of Schneider Electric Plant iT/Brewmaxx are affected: Plant iT/Brewmaxx 9.60_and_above (CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819) CVSS Vendor Equipment Vulnerabilities v3 9.9 Schneider Electric Schneider Electric Plant iT/Brewmaxx Use After Free, Integer Overflow or Wraparound, Improper Control of Generation of Code ('Code Injection') Background Critical Infrastructure Sectors: Energy, Critical Manufacturing, Commercial Facilities Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2025-49844 The affected prod [xlite_meta score:79 src:CISA Alerts xlite_fp:f8865a59a3fcaec05a6e7b3379d6b9b78f1b08b9aadb24f82c59ab4f599a1d38]

Quick Facts

CVE IDCVE-2025-49844
Severity
CISA KEVYES — Active Exploitation
ExploitIN THE WILD
PublishedApr 11, 2026

Known Threat Actors

B0
financial
core
financial
J
financial

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2025-49844 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
  • !CISA KEV: Federal agencies must patch per BOD 22-01 timeline
  • !Active exploitation confirmed — treat as P1
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.