- 218/2025
- Critical
Redis has released security updates to fix several vulnerabilities affecting all Redis Software releases.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, gain elevated privileges, or execute arbitrary code and gain access to the affected product.
Sample of the addressed vulnerabilities:
Lua Use-After-Free Remote Code Execution Vulnerability (CVE 2025-49844):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
It should be highlighted that Redis is aware that the vulnerability “CVE-2025- 49844” has a proof-of-concept (PoC) exploit in the wild.
Vulnerabilities
- CVE-2025-49844
- CVE-2025-46817
- CVE-2025-46818
- CVE-2025-46819
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.