{"id":20508,"date":"2025-10-10T18:15:29","date_gmt":"2025-10-10T09:15:29","guid":{"rendered":"https:\/\/cloud.sakura.ad.jp\/news\/?p=20508"},"modified":"2025-10-10T18:15:29","modified_gmt":"2025-10-10T09:15:29","slug":"cve-2025-49844","status":"publish","type":"post","link":"https:\/\/cloud.sakura.ad.jp\/news\/2025\/10\/10\/cve-2025-49844\/","title":{"rendered":"\u3010\u91cd\u8981\u3011Redis\u300cRediShell\uff08CVE-2025-49844\uff09\u300d\u306b\u95a2\u3059\u308b\u6ce8\u610f\u559a\u8d77"},"content":{"rendered":"<p>Redis \u306b\u304a\u3044\u3066\u3001Lua \u30b9\u30af\u30ea\u30d7\u30c8\u6a5f\u80fd\u3092\u60aa\u7528\u3057\u305f\u91cd\u5927\u306a\u8106\u5f31\u6027\uff08\u901a\u79f0\u300cRediShell\u300d\uff09\u304c\u516c\u958b\u3055\u308c\u307e\u3057\u305f\u3002\u8a8d\u8a3c\u6e08\u307f\u30e6\u30fc\u30b6\u304c\u7d30\u5de5\u3057\u305f Lua \u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3059\u308b\u3068\u3001Lua \u306e\u30ac\u30fc\u30d9\u30b8\u30b3\u30ec\u30af\u30bf\u306e\u4e0d\u5177\u5408\u3092\u8a98\u767a\u3057\u3001\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\uff08RCE\uff09\u306b\u81f3\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<br \/>\nCVSS \u306f 10.0\uff08Critical\uff09\u3068\u8a55\u4fa1\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u304a\u5ba2\u69d8\u74b0\u5883\u306e\u5f71\u97ff\u6709\u7121\u3092\u3054\u78ba\u8a8d\u306e\u3046\u3048\u3001\u901f\u3084\u304b\u306a\u5bfe\u7b56\u3092\u304a\u9858\u3044\u3044\u305f\u3057\u307e\u3059\u3002<br \/>\n<!--more--><\/p>\n<h3>\u5f71\u97ff\u3092\u53d7\u3051\u308b\u304a\u5ba2\u69d8<\/h3>\n<p>\u30fb\u5f0a\u793e\u30af\u30e9\u30a6\u30c9\uff08IaaS \u7b49\uff09\u4e0a\u3067 \u304a\u5ba2\u69d8\u304c\u81ea\u3089\u69cb\u7bc9\u30fb\u904b\u7528\u3059\u308b Redis \u3092\u3054\u5229\u7528\u4e2d\u3067\u3001\u8a8d\u8a3c\u306a\u3057\u306b\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u3078\u8a72\u5f53\u30b5\u30fc\u30d3\u30b9\u3092\u516c\u958b\u3057\u3066\u3044\u308b<\/p>\n<p>Lua \u30b9\u30af\u30ea\u30d7\u30c8\u6a5f\u80fd\u3092\u6709\u3059\u308b\u5168\u3066\u306e Redis \u7cfb\u5217 \u304c\u5f71\u97ff\u5bfe\u8c61\u3067\u3059\u3002OSS\/CE \u306f 8.2.1 \u4ee5\u4e0b\u304c\u5f71\u97ff\u3057\u3001\u4fee\u6b63\u7248\u306f 8.2.2 \u4ee5\u964d\uff08\u307b\u304b 8.0.4\uff0f7.4.6\uff0f7.2.11 \u306a\u3069\uff09 \u3067\u63d0\u4f9b\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<h3>\u672c\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\uff08\u6982\u8981\uff09<\/h3>\n<table>\n<tbody>\n<tr>\n<th>\u8b58\u5225\u5b50<\/th>\n<td>CVE-2025-49844\uff08\u901a\u79f0 RediShell\uff09<\/td>\n<\/tr>\n<tr>\n<th>\u5f71\u97ff<\/th>\n<td>\u8a8d\u8a3c\u5f8c\u306b\u7d30\u5de5\u3055\u308c\u305f Lua \u30b9\u30af\u30ea\u30d7\u30c8\u3067 use-after-free \u3092\u8a98\u767a\u3057\u3001RCE \u306b\u81f3\u308b\u53ef\u80fd\u6027<\/td>\n<\/tr>\n<tr>\n<th>\u6df1\u523b\u5ea6<\/th>\n<td>CVSS 10.0\uff08Critical\uff09<\/td>\n<\/tr>\n<tr>\n<th>\u4fee\u6b63\u72b6\u6cc1<\/th>\n<td>OSS\/CE 8.2.2 \u4ee5\u964d\u307b\u304b\u8a72\u5f53\u7cfb\u7d71\u3067\u4fee\u6b63\u6e08\u307f<\/td>\n<\/tr>\n<tr>\n<th>\u5099\u8003<\/th>\n<td>\u60aa\u7528\u306b\u306f Redis \u3078\u306e\u8a8d\u8a3c\u6e08\u307f\u30a2\u30af\u30bb\u30b9\u304c\u524d\u63d0\u3002\u3057\u305f\u304c\u3063\u3066\u300c\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u9732\u51fa\u300d\u300c\u5f31\u3044\u8a8d\u8a3c\u300d\u300c\u904e\u5270\u6a29\u9650\u300d\u306e\u7d44\u5408\u305b\u304c\u7279\u306b\u5371\u967a\u3067\u3059\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>\u60f3\u5b9a\u3055\u308c\u308b\u5f71\u97ff<\/h3>\n<p>Redis \u30d7\u30ed\u30bb\u30b9\u6a29\u9650\u3067\u306e\u4efb\u610f\u30b3\u30fc\u30c9\u5b9f\u884c\u3001\u60c5\u5831\u7a83\u53d6\u30fb\u6539\u3056\u3093\u30fb\u30de\u30eb\u30a6\u30a7\u30a2\u8a2d\u7f6e\u7b49\u306b\u3064\u306a\u304c\u308b\u304a\u305d\u308c\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<h3>\u304a\u5ba2\u69d8\u3078\u306e\u304a\u9858\u3044\uff08\u5bfe\u7b56\uff09<\/h3>\n<p>\u53ef\u80fd\u306a\u9650\u308a\u65e9\u6025\u306b Redis \u3092\u4fee\u6b63\u7248\uff088.2.2 \u4ee5\u4e0a\u3001\u307e\u305f\u306f\u8a72\u5f53\u7cfb\u5217\u306e\u4fee\u6b63\u30ea\u30ea\u30fc\u30b9\uff09\u3078\u66f4\u65b0\u3057\u3066\u304f\u3060\u3055\u3044\u3002<br \/>\n\u307e\u305f\u3001\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u3092\u5236\u9650\u3059\u308b\u3001\u5f37\u529b\u306a\u8a8d\u8a3c\u3092\u5f37\u5236\u3059\u308b\u306a\u3069\u3001Redis\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3055\u308c\u305f\u30e6\u30fc\u30b6\u30fc\u3068\u30b7\u30b9\u30c6\u30e0\u306e\u307f\u306b\u5236\u9650\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<h3>\u53c2\u8003\u60c5\u5831<\/h3>\n<p>\u30fb<a href=\"https:\/\/redis.io\/blog\/security-advisory-cve-2025-49844\/\" target=\"_blank\" rel=\"noopener noreferrer\">Redis \u516c\u5f0f\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea\uff08CVE-2025-49844\u3001\u4fee\u6b63\u7248\u30d0\u30fc\u30b8\u30e7\u30f3\u4e00\u89a7\u30fb\u7de9\u548c\u7b56\u306e\u8981\u70b9\uff09<\/a><br \/>\n\u30fb<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-49844\" target=\"_blank\" rel=\"noopener noreferrer\">NVD\uff08CVE-2025-49844 \u306e\u6280\u8853\u6982\u8981\u30fb\u5f71\u97ff\u30d0\u30fc\u30b8\u30e7\u30f3\uff09<\/a><\/p>\n<h3>\u66f4\u65b0\u5c65\u6b74<\/h3>\n<p>2025\u5e7410\u670810\u65e5\uff1a\u521d\u56de\u516c\u958b<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Redis \u306b\u304a\u3044\u3066\u3001Lua \u30b9\u30af\u30ea\u30d7\u30c8\u6a5f\u80fd\u3092\u60aa\u7528\u3057\u305f\u91cd\u5927\u306a\u8106\u5f31\u6027\uff08\u901a\u79f0\u300cRediShell\u300d\uff09\u304c\u516c\u958b\u3055\u308c\u307e\u3057\u305f\u3002\u8a8d\u8a3c\u6e08\u307f\u30e6\u30fc\u30b6\u304c\u7d30\u5de5\u3057\u305f Lua \u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3059\u308b\u3068\u3001Lua \u306e\u30ac\u30fc\u30d9\u30b8\u30b3\u30ec\u30af\u30bf\u306e\u4e0d\u5177\u5408\u3092\u8a98\u767a\u3057\u3001\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\uff08RCE\uff09\u306b\u81f3\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002 CVSS \u306f 10.0\uff08Critical\uff09\u3068\u8a55\u4fa1\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u304a\u5ba2\u69d8\u74b0\u5883\u306e\u5f71\u97ff\u6709\u7121\u3092\u3054\u78ba\u8a8d\u306e\u3046\u3048\u3001\u901f\u3084\u304b\u306a\u5bfe\u7b56\u3092\u304a\u9858\u3044\u3044\u305f\u3057\u307e\u3059\u3002<\/p>\n","protected":false},"author":70,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-20508","post","type-post","status-publish","format-standard","hentry","category-1"],"_links":{"self":[{"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/posts\/20508","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/users\/70"}],"replies":[{"embeddable":true,"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/comments?post=20508"}],"version-history":[{"count":2,"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/posts\/20508\/revisions"}],"predecessor-version":[{"id":20872,"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/posts\/20508\/revisions\/20872"}],"wp:attachment":[{"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/media?parent=20508"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/categories?post=20508"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/tags?post=20508"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}