PRP: Redis CVE-2025-49844 (RediShell) RCE

[OccamsXor]

• Identifier of the vulnerability: CVE-2025-49844 (RediShell)
• Affected software: Redis
• Type of vulnerability: RCE
• Requires authentication: Yes (However the official Redis container, by default, does not require authentication.)
• Language you would use for writing the plugin: Python (Not sure it will be templated)
• Resources:
  https://www.wiz.io/blog/wiz-research-redis-rce-cve-2025-49844

[github-actions]

Welcome to the Tsunami patch reward program!

Your issue has been added to our triage queue and will reviewed
shortly. The panel usually takes a decision once per week, so it
can take up to a week before you hear back from us.

Please, do not start the work until the panel has reached a
decision. Although we always welcome contributions, unapproved
work is not eligible for a reward.

~The Tsunami PRP team

[github-actions]

This message is addressed to the Tsunami panel.

Contributor stats

• The contributor has 0 issues tagged as main;
• The contributor has 0 issues tagged as queue.

Useful links

• All open issues from this contributor
• All open PRs from this contributor

[tooryx]

Automated message: Do not reply to that comment or tag the author. We just announced a temporary program freeze please see #752 for details. Thank you for your understanding and patience.

[github-actions]

Congratulations, your request has been approved! 🎉

This means that you can start working on this contribution.

❗ Please take a moment to fill the participation form

If you are unsure where to start, we have compiled a set of
useful guides in our documentation:

📖 https://google.github.io/tsunami-security-scanner/howto/

Unfortunately, our documentation is not yet complete for
fingerprints, Python plugins and weak credential detectors. For
these, we recommend looking at existing plugins.

📢 Read latest announcements on GitHub pages

~The Tsunami PRP team

[YuriyPobezhymov]

@tooryx, can you please assign this detector to me?

[OccamsXor]

I am still working on this issue. Thank you.