Redis has issued a security advisory for a critical use-after-free vulnerability that allows attackers to execute remote code via Lua scripting. This affects older versions of Redis and Valkey, enabling potential data theft and system compromise. Users are urged to upgrade to patched versions immediately.

Redis has issued critical patches for a severe vulnerability (CVE-2025-49844) that allows remote code execution on approximately 330,000 exposed instances, with at least 60,000 not requiring authentication. The flaw stems from a 13-year-old use-after-free weakness in the Lua scripting feature, enabling attackers to gain full access to host systems and potentially exfiltrate sensitive data. Administrators are urged to update their Redis instances immediately to mitigate the risk of exploitation.