A critical security vulnerability has been discovered in Redis Server that allows authenticated attackers to achieve remote code execution through a use-after-free flaw in the Lua scripting engine.
Tracked as CVE-2025-49844, this issue affects all versions of Redis that support Lua scripting functionality, posing a significant risk to organizations relying on Redis for in-memory data storage.
https://cyberpress.org/redis-use-after- ... erability/