Valkey

Redis Critical Remote Code Execution Vulnerability Discovered After 13 Years

A critical use-after-free (UAF) vulnerability in Redis and Valkey, designated CVE-2025-49844 (CVSS 10.0), allows authenticated attackers to execute arbitrary code. This 13-year-old flaw in Lua scripting could lead to data theft, system compromise, and lateral movement in cloud environments. Immediate patching is recommended.