I would've reversed the order of recommendations by Wiz on their RediShell CVE-2025-49844 blog post. Network controls are easier & quicker to apply and involve no downtime; than changing server & client side configs. Even allowing all known IP ranges of your apps' service providers is safer than leaving open to the entire internet. Not saying don't patch systems - but take your time to get there. Attack from a tenant on the same provider is a slim chance. Some users will never get to patching Redis or changing server/client configs ever because the team who put that in has moved on!