CVE-2022-0543

CRITICAL KEV NUCLEI LAB

Redis Lua Sandbox Escape

Title source: metasploit
STIX 2.1

Exploitation Summary

CVE-2022-0543 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 28, 2022. EIP tracks 9 public exploits from researchers including 0x7eTeam, z92g, JacobEbben, including a Metasploit module exploits/linux/redis/redis_debian_sandbox_escape. A Nuclei detection template is also available.

AI-analyzed exploit summary This PoC exploits CVE-2022-0543, a Redis Lua sandbox bypass vulnerability, to achieve remote command execution by loading the Lua 'io' library and executing arbitrary commands via `io.popen`.

Description

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

Exploits (9)

nomisec WORKING POC 95 stars
by 0x7eTeam · remote
https://github.com/0x7eTeam/CVE-2022-0543

This PoC exploits CVE-2022-0543, a Redis Lua sandbox bypass vulnerability, to achieve remote command execution by loading the Lua 'io' library and executing arbitrary commands via `io.popen`.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Redis (versions affected by CVE-2022-0543)
Auth required
Prerequisites: Network access to Redis instance · Valid Redis authentication credentials (if required)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 25 stars
by z92g · remote
https://github.com/z92g/CVE-2022-0543

This is a functional exploit for CVE-2022-0543, a Redis sandbox escape vulnerability. It leverages Lua script execution to achieve remote command execution (RCE) on vulnerable Redis instances.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Redis (versions affected by CVE-2022-0543)
Auth required
Prerequisites: Network access to Redis instance · Redis instance with Lua scripting enabled · Valid credentials if authentication is required
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 9 stars
by JacobEbben · remote
https://github.com/JacobEbben/CVE-2022-0543

This is a functional exploit for CVE-2022-0543, a Lua sandbox escape vulnerability in Redis. It allows remote command execution via crafted Lua scripts, with options for reverse shells, single commands, or an interactive shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Redis (versions affected by CVE-2022-0543)
Auth required
Prerequisites: Network access to Redis instance · Valid credentials if authentication is enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 4 stars
by SiennaSkies · remote
https://github.com/SiennaSkies/redisHack

This repository contains a Python script that checks for Redis unauthenticated access and exploits CVE-2022-0543, a Lua sandbox escape vulnerability, to achieve remote command execution (RCE).

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Redis with Lua scripting enabled
No auth needed
Prerequisites: Redis server with unauthenticated access or weak credentials · Lua scripting enabled in Redis
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by netw0rk7 · poc
https://github.com/netw0rk7/CVE-2022-0543-Home-Lab

This repository provides a Docker-based lab environment to demonstrate CVE-2022-0543, a Redis Lua sandbox escape vulnerability specific to Debian/Ubuntu packages. It includes a vulnerable Redis instance and references an external PoC for exploitation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Redis (Debian/Ubuntu packages)
No auth needed
Prerequisites: Redis installed via Debian/Ubuntu package · Exposed Redis instance without authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by OpsCipher · poc
https://github.com/OpsCipher/CVE-2022-0543

This repository contains a functional exploit for CVE-2022-0543, a Lua sandbox escape vulnerability in Redis. The exploit leverages Lua's package.loadlib to escape the sandbox and execute arbitrary commands, including reverse shells.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Redis (versions affected by CVE-2022-0543)
Auth required
Prerequisites: Redis instance with Lua scripting enabled · Authentication credentials if required
devstral-2 · analyzed May 23, 2026 Full analysis →
nomisec WORKING POC
by abramas · poc
https://github.com/abramas/CVE-2022-0543

This repository contains a functional exploit for CVE-2022-0543, a Lua sandbox escape vulnerability in Redis. The exploit leverages the Lua sandbox escape to execute arbitrary commands, including reverse shells and single command execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Redis (versions affected by CVE-2022-0543)
Auth required
Prerequisites: Access to a vulnerable Redis instance · Valid credentials if authentication is enabled
devstral-2 · analyzed Mar 07, 2026 Full analysis →
vulncheck_xdb WRITEUP
remote
https://github.com/vulhub/vulhub

This repository is part of the Vulhub project, which provides pre-built Docker environments for vulnerability testing and research. It includes documentation and Docker configurations for various CVEs, including CVE-2022-0543, but does not contain direct exploit code.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: N/A
No auth needed
Prerequisites: Docker environment setup
devstral-2 · analyzed Feb 25, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Reginaldo Silva, jbaines-r7 · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/redis/redis_debian_sandbox_escape.rb

This Metasploit module exploits CVE-2022-0543, a Lua sandbox escape in Debian/Ubuntu Redis packages, allowing arbitrary command execution via the `package.loadlib` function. It supports both direct command execution and staged payloads, targeting x86_64 systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Redis (Debian/Ubuntu packages) versions 5.0.0 to 6.0.x
Auth required
Prerequisites: Network access to Redis port (default 6379) · Valid Redis credentials if authentication is enabled · Target running vulnerable Debian/Ubuntu Redis package
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Redis Sandbox Escape - Remote Code Execution
CRITICALby dwisiswant0
Shodan: redis_version || redis

References (7)

Core 7
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugs.debian.org/1005787
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-security-announce/2022/msg00048.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2022/dsa-5081
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220331-0004/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html

Scores

CVSS v3 10.0
EPSS 0.9440
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Lab Environment

COMMUNITY
Community Lab
docker pull vulhub/1panel:1.10.10
docker pull vulhub/activemq:5.11.1
docker pull vulhub/activemq:5.11.1-with-cron
docker pull vulhub/activemq:5.17.3
docker pull vulhub/airflow:1.10.10
+355 more images
+6 more repos

Details

CISA KEV 2022-03-28
VulnCheck KEV 2022-03-24
InTheWild.io 2022-03-11
ENISA EUVD EUVD-2022-15665
CWE
CWE-862
Status published
Products (1)
redis/redis
Published Feb 18, 2022
KEV Added Mar 28, 2022
Tracked Since Feb 18, 2026