Mitigations and impact of CVE-2025-49844 (Redis)
-
Anybody have a sense of impact and scope of recently released redis security alert? CVE-2025-49844 I see 6x in some of our older xo environments and 7.0.xx in xoa
We have a ticket in but wondering if anybody else has started troubleshooting this yet
Last login: Tue Aug 26 08:08:15 2025 from 10.136.192.170
$ redis-server
3379289:C 07 Oct 2025 11:56:33.844 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
3379289:C 07 Oct 2025 11:56:33.844 # Redis version=7.0.15, bits=64, commit=00000000, modified=0, pid=3379289, just started -
Hi,
To start, it's good to read: https://docs.vates.tech/security/
Especially https://docs.vates.tech/security/#contact--disclosure
Then, I can answer here directly: we are not affected since Redis is only listening locally, therefore it's not exposed outside XO. There's nothing interesting to do with that CVE, because in order to use it, you already must be a privileged user.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login