A 13‑year Redis flaw (CVE‑2025‑49844) allows attackers to escape Lua sandbox and run code on hosts, if they are authenticated and Lua Script uploads are permitted.
Fixed releases: 7.22.2-12 and above, 7.8.6-207 and above, 7.4.6-272 and above, 7.2.4-138 and above, 6.4.2-131 and above
A 13‑year Redis flaw (CVE‑2025‑49844) allows attackers to escape Lua sandbox and run code on hosts, if they are authenticated and Lua Script uploads are permitted.
Fixed releases: 7.22.2-12 and above, 7.8.6-207 and above, 7.4.6-272 and above, 7.2.4-138 and above, 6.4.2-131 and above
Exploit appears to be available, so patch quickly! https://redrays.io/blog/poc-for-cve-2025-49844-cve-2025-4681...
[dupe] Discussion: https://news.ycombinator.com/item?id=45497027
Apologies, missed this previous discussion