Redis has issued a security advisory for a critical use-after-free vulnerability that allows attackers to execute remote code via Lua scripting. This affects older versions of Redis and Valkey, enabling potential data theft and system compromise. Users are urged to upgrade to patched versions immediately.

This article discusses the CVE-2025-62507 vulnerability in Redis, which allows for remote code execution through a stack buffer overflow triggered by the XACKDEL command. The authors analyze how the vulnerability can be exploited and provide a proof of concept to demonstrate the risk.

Report URI has effectively mitigated the impacts of the Redis vulnerability CVE-2025-49844 by implementing strict security measures and utilizing Redis's ACL features to restrict access to potentially harmful commands. They have upgraded to Redis version 8.2.2 and further hardened their infrastructure by disabling unnecessary commands, ensuring a robust and secure environment.

Redis has issued critical patches for a severe vulnerability (CVE-2025-49844) that allows remote code execution on approximately 330,000 exposed instances, with at least 60,000 not requiring authentication. The flaw stems from a 13-year-old use-after-free weakness in the Lua scripting feature, enabling attackers to gain full access to host systems and potentially exfiltrate sensitive data. Administrators are urged to update their Redis instances immediately to mitigate the risk of exploitation.