Hi,
To start, it's good to read: https://docs.vates.tech/security/
Especially https://docs.vates.tech/security/#contact--disclosure
Then, I can answer here directly: we are not affected since Redis is only listening locally, therefore it's not exposed outside XO. There's nothing interesting to do with that CVE, because in order to use it, you already must be a privileged user.