Author: Khawaja Shams
Word count: 769
Language: English
Hacker News points: None

Summary

A recently disclosed Redis vulnerability, CVE-2025-49844, is a use-after-free flaw that lets an authenticated attacker escape the Lua sandbox and achieve remote code execution, with consequences that can include deletion, corruption, or encryption of data for ransom. The bug has been present in the code for 13 years. Redis is usually not exposed to the internet, because it is commonly deployed inside a virtual private cloud (VPC), but that does not remove the risk: if authentication is not configured, anyone on the internal network can manipulate data using Lua scripts, which makes the flaw a significant insider threat. This is why Redis and Valkey nodes should be secured with passwords, to reduce the risk of unauthorized access and data manipulation. The vulnerability is also a broader reminder that robust security means more than patching known issues; it requires evaluating access controls and the threats that exist inside internal networks. Finally, the difficulties of embedding Lua in Redis, including performance problems and security risks, have shown up in earlier vulnerabilities as well, illustrating the danger of running user-supplied logic inside the data-management process.
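The mitigation the summary stresses is authentication on every Redis or Valkey node. As an added example that is not part of the original article, the script below audits a redis.conf text offline for the settings that would let an unauthenticated client on the internal network reach the Lua engine (no requirepass, a passwordless default ACL user, protected-mode off, a wildcard bind) and, as an extra hardening check beyond what the summary names, whether each enabled ACL user is denied the `@scripting` command category. Both configs are constructed samples; the secrets in them are placeholders.

```python
from typing import Dict, List

# Constructed sample configs (not from the page). Valkey accepts the same directive syntax.
UNSAFE_CONF = """
bind 0.0.0.0
protected-mode no
# requirepass change-me          <- commented out, so no password is required
user default on nopass ~* &* +@all
"""

HARDENED_CONF = """
bind 10.0.1.5
protected-mode yes
requirepass REPLACE-WITH-STRONG-SECRET
user default off
user app on >REPLACE-WITH-APP-SECRET ~app:* &* +@all -@scripting -@dangerous
"""


def parse_conf(text: str) -> Dict[str, List[List[str]]]:
    """Map each directive to the argument vectors it appears with; comments and blanks skipped."""
    conf: Dict[str, List[List[str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split()
            conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf


def audit_auth(text: str) -> List[str]:
    """Return findings describing how an unauthenticated in-network client could reach EVAL."""
    conf = parse_conf(text)
    findings: List[str] = []
    users = [r for r in conf.get("user", []) if r]
    has_pass = any(v and v[0] not in ('""', "''") for v in conf.get("requirepass", []))
    if not users and not has_pass:
        findings.append("no requirepass and no ACL users: every client is trusted and may run Lua")
    for rules in users:
        name, flags = rules[0], rules[1:]
        if "on" not in flags:
            continue  # a disabled user cannot authenticate at all
        if "nopass" in flags:
            findings.append(f"user {name} authenticates without a password")
        if "-@scripting" not in flags:
            findings.append(f"user {name} may run EVAL/EVALSHA (scripting category not denied)")
    if conf.get("protected-mode", [["yes"]])[0] == ["no"]:
        findings.append("protected-mode is off")
    for args in conf.get("bind", []):
        if any(a.lstrip("-") in ("0.0.0.0", "::", "*") for a in args):
            findings.append("bind exposes the port on every interface")
    return findings
```

Run `audit_auth` over each node's config as part of a fleet check; an empty result for the hardened sample and four findings for the unsafe one is the expected outcome.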