CVE-2022-0543

ENISA EUVD: EUVD-2022-15665 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 4 articles Published: 2022-02-18

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

94.4%

probability

This CVE has a 94.4% probability of being exploited in the next 30 days.

0% Top 100.0th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2 (legacy)

10.0

HIGH

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

Affected Products

Debian

redis

Debian

Redis

n/a

Debian

Redis

n/a

Attack Intelligence

CWE-284 · Improper Access Control CWE-285 · Improper Authorization CWE-862 · Missing Authorization

Exploits & PoC

0x7eTeam/CVE-2022-0543

CVE-2022-0543_RCE,Redis Lua沙盒绕过命令执行

95 2024-01-16

z92g/CVE-2022-0543

Redis 沙盒逃逸（CVE-2022-0543）POC&EXP

23 2022-07-23

SiennaSkies/redisHack

redis未授权、redis_CVE-2022-0543检测利用二合一脚本

4 2023-05-11

OpsCipher/CVE-2022-0543

Redis RCE through Lua Sandbox Escape vulnerability

0 2022-09-02

netw0rk7/CVE-2022-0543-Home-Lab

CVE-2022-0543 - Redis RCE Vulnerability home lab for Red Teaming, Penetration Testing Training with just one DOCKER

0 2025-12-01

5 repos — triés par ⭐ Rechercher sur GitHub ↗

https://bugs.debian.org/1005787

x_refsource_MISC

https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce

x_refsource_MISC

https://lists.debian.org/debian-security-announce/2022/msg00048.html

mailing-list x_refsource_MLIST

https://www.debian.org/security/2022/dsa-5081

vendor-advisory x_refsource_DEBIAN

https://security.netapp.com/advisory/ntap-20220331-0004/

x_refsource_CONFIRM

http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

78%

EPSS 94.4%

CVSS v3.1 10

Mentions 4

CNA Information

CNA Assigner

debian

Analyst Note

CVE-2022-0543 is a Lua sandbox escape flaw in Redis that was exploited in the wild by multiple botnets (Redigo, Muhstik, P2PInfect) shortly after disclosure. Articles explicitly reference this CVE as recently disclosed and actively exploited by threat actors targeting Redis servers, consistent with zero-day exploitation patterns.

Threat Actors 2

Kinsing

apt_group 🇷🇺 RU

TeamTNT

apt_group 🇩🇪 DE

Triage Info

Decided atMar 20, 2026

Published DateFeb 18, 2022