Security Advisory: CVE-2025-49844

A critical security vulnerability, CVE-2025-49844, affecting Redis has been identified and addressed, particularly in versions 7.22.2-20 and higher, following reports from researchers at Wiz and Trend Micro's Zero Day Initiative. This vulnerability, which scores a 10.0 on the CVSS scale, involves a Lua use-after-free issue that could lead to remote code execution if exploited by an authenticated user with access to Redis. To mitigate the risk, users are advised to restrict network access, enforce strong authentication, and limit permissions for Lua script execution. Redis Cloud subscriptions have already been patched, while self-managed Redis instances should be updated to the latest releases to ensure security. There is no evidence of exploitation in Redis Cloud or customer environments, but administrators are encouraged to monitor for signs of unauthorized access or anomalous activity.