{"id":16524,"date":"2025-10-18T00:00:23","date_gmt":"2025-10-17T16:00:23","guid":{"rendered":"https:\/\/www.quape.com\/?p=16524"},"modified":"2025-10-18T00:02:25","modified_gmt":"2025-10-17T16:02:25","slug":"critical-redis-vulnerability-cve-2025-49844","status":"publish","type":"post","link":"https:\/\/www.quape.com\/zh\/critical-redis-vulnerability-cve-2025-49844\/","title":{"rendered":"Redis \u4e25\u91cd\u6f0f\u6d1e (CVE-2025-49844)"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-transparent ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">\u76ee\u5f55<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"\u5207\u6362\u76ee\u5f55\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">\u5207\u6362<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewbox=\"0 0 24 24\" version=\"1.2\" baseprofile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.quape.com\/zh\/critical-redis-vulnerability-cve-2025-49844\/#Overview\" >\u6982\u8ff0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.quape.com\/zh\/critical-redis-vulnerability-cve-2025-49844\/#Impact\" >\u5f71\u54cd<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.quape.com\/zh\/critical-redis-vulnerability-cve-2025-49844\/#Affected_Versions\" >\u53d7\u5f71\u54cd\u7684\u7248\u672c<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.quape.com\/zh\/critical-redis-vulnerability-cve-2025-49844\/#Mitigation_and_Best_Practices\" >\u7f13\u89e3\u63aa\u65bd\u548c\u6700\u4f73\u5b9e\u8df5<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.quape.com\/zh\/critical-redis-vulnerability-cve-2025-49844\/#How_QUAPE_Protects_Our_Customers\" >QUAPE \u5982\u4f55\u4fdd\u62a4\u6211\u4eec\u7684\u5ba2\u6237<\/a><\/li><\/ul><\/nav><\/div>\n<h3 data-start=\"245\" data-end=\"261\"><span class=\"ez-toc-section\" id=\"Overview\"><\/span><strong data-start=\"249\" data-end=\"261\">\u6982\u8ff0<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-start=\"262\" data-end=\"595\">Redis \u53d1\u5e03\u4e86 <strong data-start=\"283\" data-end=\"311\">\u5173\u952e\u5b89\u5168\u66f4\u65b0<\/strong> \u4fee\u8865\u65b0\u53d1\u73b0\u7684\u6f0f\u6d1e\uff08<strong data-start=\"355\" data-end=\"373\">CVE-2025-49844<\/strong>) \u5bf9\u8fd0\u884c\u53d7\u5f71\u54cd Redis \u7248\u672c\u7684\u670d\u52a1\u5668\u6784\u6210\u4e25\u91cd\u5a01\u80c1\u3002<br data-start=\"446\" data-end=\"449\" \/>\u8be5\u7f3a\u9677\u5df2\u88ab\u6307\u5b9a\u4e3a <strong data-start=\"479\" data-end=\"515\">CVSS v3.1 \u8bc4\u5206\u4e3a 9.9 \u5206\uff08\u6ee1\u5206 10 \u5206\uff09<\/strong>\uff0c\u8fd9\u6807\u5fd7\u7740\u5b83\u662f\u6700\u8fd1 Redis \u7248\u672c\u4e2d\u6700\u4e25\u91cd\u7684\u6f0f\u6d1e\u4e4b\u4e00\u3002<\/p>\n<hr data-start=\"597\" data-end=\"600\" \/>\n<h3 data-start=\"602\" data-end=\"616\"><span class=\"ez-toc-section\" id=\"Impact\"><\/span><strong data-start=\"606\" data-end=\"616\">\u5f71\u54cd<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-start=\"617\" data-end=\"926\">\u4e00\u4e2a <strong data-start=\"620\" data-end=\"646\">\u5df2\u8ba4\u8bc1\u653b\u51fb\u8005<\/strong> \u53ef\u4ee5\u901a\u8fc7\u4e0a\u4f20 <strong data-start=\"695\" data-end=\"725\">\u6076\u610f\u7f16\u5199\u7684\u811a\u672c<\/strong>\uff0c\u53ef\u80fd\u5bfc\u81f4 <strong data-start=\"750\" data-end=\"781\">\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\uff08RCE\uff09<\/strong> \u5728 Redis \u4e3b\u673a\u4e0a\u3002<br data-start=\"800\" data-end=\"803\" \/>\u6210\u529f\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u80fd\u4f1a\u5bfc\u81f4 <strong data-start=\"841\" data-end=\"864\">\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee<\/strong>, <strong data-start=\"866\" data-end=\"885\">\u6570\u636e\u6cc4\u9732<\/strong>\uff0c\u751a\u81f3 <strong data-start=\"897\" data-end=\"925\">\u5b8c\u5168\u7cfb\u7edf\u63a5\u7ba1<\/strong>.<\/p>\n<hr data-start=\"928\" data-end=\"931\" \/>\n<h3 data-start=\"933\" data-end=\"958\"><span class=\"ez-toc-section\" id=\"Affected_Versions\"><\/span><strong data-start=\"937\" data-end=\"958\">\u53d7\u5f71\u54cd\u7684\u7248\u672c<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-start=\"959\" data-end=\"1001\">\u4ee5\u4e0b Redis \u7248\u672c\u53d7\u5230\u5f71\u54cd\uff1a<\/p>\n<ul data-start=\"1003\" data-end=\"1267\">\n<li data-start=\"1003\" data-end=\"1113\">\n<p data-start=\"1005\" data-end=\"1033\"><strong data-start=\"1005\" data-end=\"1023\">Redis \u8f6f\u4ef6<\/strong> \u4e4b\u524d\uff1a<\/p>\n<ul data-start=\"1036\" data-end=\"1113\">\n<li data-start=\"1036\" data-end=\"1049\">\n<p data-start=\"1038\" data-end=\"1049\">7.22.2-12<\/p>\n<\/li>\n<li data-start=\"1052\" data-end=\"1065\">\n<p data-start=\"1054\" data-end=\"1065\">7.8.6-207<\/p>\n<\/li>\n<li data-start=\"1068\" data-end=\"1081\">\n<p data-start=\"1070\" data-end=\"1081\">7.4.6-272<\/p>\n<\/li>\n<li data-start=\"1084\" data-end=\"1097\">\n<p data-start=\"1086\" data-end=\"1097\">7.2.4-138<\/p>\n<\/li>\n<li data-start=\"1100\" data-end=\"1113\">\n<p data-start=\"1102\" data-end=\"1113\">6.4.2-131<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"1114\" data-end=\"1208\">\n<p data-start=\"1116\" data-end=\"1159\"><strong data-start=\"1116\" data-end=\"1149\">Redis OSS\/\u793e\u533a\u7248<\/strong> \u4e4b\u524d\uff1a<\/p>\n<ul data-start=\"1162\" data-end=\"1208\">\n<li data-start=\"1162\" data-end=\"1171\">\n<p data-start=\"1164\" data-end=\"1171\">8.2.2<\/p>\n<\/li>\n<li data-start=\"1174\" data-end=\"1183\">\n<p data-start=\"1176\" data-end=\"1183\">8.0.4<\/p>\n<\/li>\n<li data-start=\"1186\" data-end=\"1195\">\n<p data-start=\"1188\" data-end=\"1195\">7.4.6<\/p>\n<\/li>\n<li data-start=\"1198\" data-end=\"1208\">\n<p data-start=\"1200\" data-end=\"1208\">7.2.11<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li data-start=\"1209\" data-end=\"1267\">\n<p data-start=\"1211\" data-end=\"1236\"><strong data-start=\"1211\" data-end=\"1226\">Redis \u5806\u6808<\/strong> \u4e4b\u524d\uff1a<\/p>\n<ul data-start=\"1239\" data-end=\"1267\">\n<li data-start=\"1239\" data-end=\"1251\">\n<p data-start=\"1241\" data-end=\"1251\">7.4.0-v7<\/p>\n<\/li>\n<li data-start=\"1254\" data-end=\"1267\">\n<p data-start=\"1256\" data-end=\"1267\">7.2.0-v19<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<hr data-start=\"1269\" data-end=\"1272\" \/>\n<h3 data-start=\"1274\" data-end=\"1311\"><span class=\"ez-toc-section\" id=\"Mitigation_and_Best_Practices\"><\/span><strong data-start=\"1278\" data-end=\"1311\">\u7f13\u89e3\u63aa\u65bd\u548c\u6700\u4f73\u5b9e\u8df5<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-start=\"1312\" data-end=\"1485\">Redis \u7528\u6237\u548c\u7ba1\u7406\u5458 <strong data-start=\"1347\" data-end=\"1389\">\u5f3a\u70c8\u5efa\u8bae\u7acb\u5373\u66f4\u65b0<\/strong> \u5230\u6700\u65b0\u7684\u4fee\u8865\u7248\u672c\u3002<br data-start=\"1420\" data-end=\"1423\" \/>\u5982\u679c\u65e0\u6cd5\u5347\u7ea7\uff0c\u8bf7\u91c7\u53d6\u4ee5\u4e0b\u9884\u9632\u63aa\u65bd\uff1a<\/p>\n<ul data-start=\"1487\" data-end=\"1665\">\n<li data-start=\"1487\" data-end=\"1551\">\n<p data-start=\"1489\" data-end=\"1551\">\u9650\u5236 Redis \u8bbf\u95ee <strong data-start=\"1514\" data-end=\"1543\">\u53ef\u4fe1\u5185\u90e8\u7f51\u7edc<\/strong> \u4ec5\u6709\u7684\u3002<\/p>\n<\/li>\n<li data-start=\"1552\" data-end=\"1604\">\n<p data-start=\"1554\" data-end=\"1604\"><strong data-start=\"1554\" data-end=\"1591\">\u7981\u7528\u6216\u76d1\u63a7\u811a\u672c\u4e0a\u4f20<\/strong> \u5c0f\u5fc3\u3002<\/p>\n<\/li>\n<li data-start=\"1605\" data-end=\"1665\">\n<p data-start=\"1607\" data-end=\"1665\">\u5ba1\u67e5 <strong data-start=\"1614\" data-end=\"1639\">\u7cfb\u7edf\u548c Redis \u65e5\u5fd7<\/strong> \u7528\u4e8e\u4e0d\u5bfb\u5e38\u7684\u6d3b\u52a8\u3002<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"1667\" data-end=\"1670\" \/>\n<h3 data-start=\"1672\" data-end=\"1712\"><span class=\"ez-toc-section\" id=\"How_QUAPE_Protects_Our_Customers\"><\/span><strong data-start=\"1676\" data-end=\"1712\">QUAPE \u5982\u4f55\u4fdd\u62a4\u6211\u4eec\u7684\u5ba2\u6237<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p data-start=\"1713\" data-end=\"2054\">\u5728 <strong data-start=\"1716\" data-end=\"1725\">QUAPE<\/strong>\uff0c\u5b89\u5168\u662f\u6211\u4eec\u7684\u9996\u8981\u4efb\u52a1\u3002<br data-start=\"1756\" data-end=\"1759\" \/>\u4e3a\u4e86\u51cf\u8f7b\u5916\u90e8\u5265\u524a\u7684\u98ce\u9669\uff0c <strong data-start=\"1805\" data-end=\"1856\">\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u6240\u6709\u5916\u90e8 Redis \u7aef\u53e3\u5747\u88ab\u963b\u6b62<\/strong> \u5728\u6211\u4eec\u7684\u6258\u7ba1\u57fa\u7840\u8bbe\u65bd\u4e0a\u3002<br data-start=\"1887\" data-end=\"1890\" \/>Redis \u670d\u52a1\u53ea\u80fd\u901a\u8fc7\u4ee5\u4e0b\u65b9\u5f0f\u8bbf\u95ee <strong data-start=\"1929\" data-end=\"1958\">\u5b89\u5168\u7684\u5185\u90e8\u7f51\u7edc<\/strong> \u6216\u8005 <strong data-start=\"1962\" data-end=\"1999\">\u901a\u8fc7\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fde\u63a5<\/strong>\uff0c\u5927\u5927\u51cf\u5c11\u4e86\u6f5c\u5728\u653b\u51fb\u7684\u98ce\u9669\u3002<\/p>\n<p data-start=\"2056\" data-end=\"2175\">\u6211\u4eec\u8fd8\u9a8c\u8bc1\u4e86 QUAPE \u7ba1\u7406\u7684\u6240\u6709 Redis \u5b9e\u4f8b\u90fd\u662f <strong data-start=\"2124\" data-end=\"2152\">\u5df2\u4fee\u8865\u4e14\u4e0d\u53d7\u5f71\u54cd<\/strong> \u53d7\u6b64\u6f0f\u6d1e\u5f71\u54cd\u3002<\/p>\n<p data-start=\"2177\" data-end=\"2394\">\u5bf9\u4e8e\u8fd0\u8425\u81ea\u5df1\u7684 Redis \u670d\u52a1\u5668\u7684\u5ba2\u6237\uff0c\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u7acb\u5373\u5e94\u7528\u6700\u65b0\u66f4\u65b0\u3002<br data-start=\"2286\" data-end=\"2289\" \/>\u5982\u679c\u60a8\u9700\u8981\u5e2e\u52a9\u9a8c\u8bc1\u73af\u5883\u7684\u5b89\u5168\u6027\uff0c\u6211\u4eec\u7684\u6280\u672f\u56e2\u961f\u53ef\u4ee5\u4e3a\u60a8\u63d0\u4f9b\u5e2e\u52a9\u3002<\/p>\n<hr data-start=\"2396\" data-end=\"2399\" \/>\n<p data-start=\"2401\" data-end=\"2492\">\ud83d\udcd8 <strong data-start=\"2404\" data-end=\"2418\">\u53c2\u8003\uff1a<\/strong><br data-start=\"2418\" data-end=\"2421\" \/>https:\/\/redis.io\/blog\/security-advisory-cve-2025-49844\/<\/p>","protected":false},"excerpt":{"rendered":"<p>Overview Redis has released a critical security update to patch a newly discovered vulnerability (CVE-2025-49844) that poses a serious threat to servers running affected Redis versions.This flaw has been assigned a CVSS v3.1 score of 9.9 out of 10, marking it as one of the most severe vulnerabilities in recent Redis releases. Impact An authenticated [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16527,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[93],"tags":[],"class_list":["post-16524","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/www.quape.com\/zh\/wp-json\/wp\/v2\/posts\/16524","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.quape.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quape.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quape.com\/zh\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quape.com\/zh\/wp-json\/wp\/v2\/comments?post=16524"}],"version-history":[{"count":0,"href":"https:\/\/www.quape.com\/zh\/wp-json\/wp\/v2\/posts\/16524\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quape.com\/zh\/wp-json\/wp\/v2\/media\/16527"}],"wp:attachment":[{"href":"https:\/\/www.quape.com\/zh\/wp-json\/wp\/v2\/media?parent=16524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quape.com\/zh\/wp-json\/wp\/v2\/categories?post=16524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quape.com\/zh\/wp-json\/wp\/v2\/tags?post=16524"}],"curies":[{"name":"\u53ef\u6e7f\u6027\u7c89\u5242","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}