Let’s unpack Redis CVE-2025-49844.

Redis just disclosed a new vulnerability, rated CVSS 10.0 (Critical), which is a use-after-free bug in the Lua scripting subsystem that can lead to remote code execution (RCE) under certain conditions.

Redis has released fixes across both commercial and open-source editions, including versions 8.2.2, 8.0.4, 7.4.6, 7.2.11, and newer for OSS/CE, as well as 7.22.2-12, 7.8.6-207, 7.4.6-272, 7.2.4-138, and 6.4.2-131 for Redis Software.

What should you do? If you’re using echo's up-to-date Redis image, you're covered. Automatic patches have already been applied. If not, you'll need to upgrade to a fixed release and restrict EVAL/EVALSHA as an interim control.

For more details, check out the official Redis security advisory. We're here if you have any questions!
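The upgrade check from the post above, as an added example that is not part of the original post and is not Echo's or Redis's code: it reads the `redis_version` field from `INFO server` output and compares it with the OSS/CE fixed releases the post lists. The function names, the result labels and the sample output are assumptions made for illustration, and Redis Software build numbers are not covered.

```python
import re

# First fixed patch per OSS/CE branch, taken from the versions listed in the post.
FIXED_OSS = {(8, 2): 2, (8, 0): 4, (7, 4): 6, (7, 2): 11}

# Constructed sample of `redis-cli INFO server` output (not from a real host).
SAMPLE_INFO = "# Server\r\nredis_version:7.2.4\r\nredis_mode:standalone\r\nos:Linux\r\n"


def parse_redis_version(info_text):
    """Return (major, minor, patch) from INFO output, or None if absent."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)\s*$", info_text, re.MULTILINE)
    return tuple(int(part) for part in m.groups()) if m else None


def triage(info_text):
    """Classify a server as 'fixed', 'vulnerable', 'check-advisory' or 'unknown'."""
    version = parse_redis_version(info_text)
    if version is None:
        return "unknown"
    major, minor, patch = version
    first_fixed = FIXED_OSS.get((major, minor))
    if first_fixed is not None:
        return "fixed" if patch >= first_fixed else "vulnerable"
    if (major, minor) > max(FIXED_OSS):
        # Assumption: "and newer" covers branches later than any listed one.
        return "fixed"
    # Branch the post does not list: do not guess, consult the Redis advisory.
    return "check-advisory"


if __name__ == "__main__":
    print(triage(SAMPLE_INFO))
```

A server that reports `vulnerable` or `check-advisory` is a candidate for the interim EVAL/EVALSHA restriction until it is upgraded.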
Echo
Computer and Network Security
Delivering CVE-free container base images that wow your scanners.
About us
echo delivers secure cloud-native infrastructure through enterprise-grade clean container base images that integrate seamlessly into existing workflows.
- Website: echohq.com
- Industry: Computer and Network Security
- Company size: 11-50 employees
- Type: Privately Held
- Founded: 2025
Updates
echo is officially a CVE Numbering Authority (CNA)! This is a really important milestone for our team. We’ve seen firsthand what it means for companies to drown in vulnerability noise, and we’ve built echo to change it. Contributing to the CVE Program lets us give back to the community and help shape the standards that will guide the next generation of secure infrastructure. Thank you to everyone who helped make this happen!
echo scans clean with Trivy (by Aqua Security)⚡ The most widely used open source container scanner in the world recognizes echo images as CVE-free! Trusted by 20+ million developers, this integration reflects our commitment to ensuring you get the clean scans you need with the tools you already use. Oh, and just FYI – we have a CVE-free aquasec-trivy image available in our image store ✨
Your CNAPP has never looked better 🤩 Orca Security and echo are now fully integrated, bringing together Orca’s deep, contextual visibility with echo’s CVE-free container base images. What does this mean for you? ✔️ Instant noise reduction in your CNAPP ✔️ Clear focus on vulnerabilities you can actually fix in your app ✔️ Significant drop in CVEs without any added engineering effort Experience the difference for your team!
What would it mean for CVE-free infrastructure to become the industry standard? We sat down with Brian Kerr, Deputy CISO of Klaviyo to get his thoughts.