Mitigations and impact of CVE-2025-49844 (Redis)
-
Anybody have a sense of the impact and scope of the recently released Redis security alert, CVE-2025-49844? I see 6x in some of our older XO environments and 7.0.xx in XOA.
We have a ticket in, but wondering if anybody else has started troubleshooting this yet.
Last login: Tue Aug 26 08:08:15 2025 from 10.136.192.170
$ redis-server
3379289:C 07 Oct 2025 11:56:33.844 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
3379289:C 07 Oct 2025 11:56:33.844 # Redis version=7.0.15, bits=64, commit=00000000, modified=0, pid=3379289, just started
-
Hi,
To start, it's good to read: https://docs.vates.tech/security/
Especially https://docs.vates.tech/security/#contact--disclosure
Then, I can answer here directly: we are not affected since Redis is only listening locally, therefore it's not exposed outside XO. There's nothing interesting to do with that CVE, because in order to use it, you already must be a privileged user.
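One way to check the "only listening locally" point from the reply above on your own host, as an added example (not code from this thread or from Vates). It assumes Redis is on its default port 6379 and that `ss` from iproute2 is available; the function names and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify TCP listeners on one port, taken from `ss -ltn`
# output, as loopback-only or reachable from other hosts.
# Live usage (assumes the default Redis port): ss -ltn | redis_loopback_only 6379

# redis_listeners PORT: reads `ss -ltn` output on stdin and prints
# "loopback ADDR" or "exposed ADDR" for every listener on PORT.
redis_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            laddr = $4                      # Local Address:Port column
            n = split(laddr, parts, ":")
            if (parts[n] != port) next      # port is after the last colon
            addr = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
            sub(/%.*$/, "", addr)           # drop a %iface scope suffix
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1")
                print "loopback " addr
            else
                print "exposed " addr       # 0.0.0.0, [::], *, LAN address
        }'
}

# redis_loopback_only PORT: exit status 0 = loopback only,
# 1 = at least one non-loopback listener, 2 = nothing listening on PORT.
redis_loopback_only() {
    out=$(redis_listeners "$1")
    [ -n "$out" ] || return 2
    if printf '%s\n' "$out" | grep -q '^exposed '; then
        return 1
    fi
    return 0
}

# Constructed sample input: Redis bound to loopback only.
SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511        127.0.0.1:6379      0.0.0.0:*
LISTEN 0      511            [::1]:6379         [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'

# Constructed sample input: Redis bound to all IPv4 interfaces.
SAMPLE_OPEN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:6379      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'
```

A status of 1 means the port is bound to a non-loopback address; whether it is actually reachable still depends on any firewall in front of the host.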