PT-2025-40555 · Redis+10

Zhutyra · Published 2024-05-02 · Updated 2026-05-18 · CVE-2025-46817

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
  • Redis versions prior to 8.2.2
  • Valkey versions prior to 8.1.1+dfsg1-3+deb13u1
  • Redis versions 5:7.0.15-1~deb12u6 and prior (bookworm distribution)
  • Redis versions 5:8.0.2-3+deb13u1 and prior (trixie distribution)
Description
Redis and Valkey are vulnerable to an integer overflow in the Lua scripting engine. An authenticated user can exploit this vulnerability by submitting a specially crafted Lua script, potentially leading to remote code execution. The issue exists in all versions of Redis with Lua scripting enabled.
Recommendations
  • Upgrade Redis to version 8.2.2 or later.
  • Upgrade Valkey to version 8.1.1+dfsg1-3+deb13u1 or later.
  • For Debian bookworm distribution, upgrade Redis to version 5:7.0.15-1~deb12u6 or later.
  • For Debian trixie distribution, upgrade Redis to version 5:8.0.2-3+deb13u1 or later.

Exploit · Fix · DoS · RCE · Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:19237
ALSA-2025:19238
ALSA-2025:19345
ALSA-2025:19675
ALSA-2025:20926
ALSA-2025:20955
ALSA-2025:21916
ALSA-2025:21936
ALSA-2025_16880
ALSA-2025_19237
ALSA-2025_19238
ALSA-2025_19345
ALSA-2025_20926
ALSA-2025_20955
ALSA-2025_21916
ALT-PU-2025-12931
ALT-PU-2025-12954
ALT-PU-2025-13204
AZL-68238
AZL-68661
AZL-68664
BDU:2025-01671
BDU:2025-12820
BIT-KEYDB-2025-46817
BIT-REDIS-2025-46817
BIT-VALKEY-2025-46817
CESA-2025_19238
CLEANSTART-2026-AF35851
CLEANSTART-2026-AV02020
CLEANSTART-2026-BX37171
CLEANSTART-2026-CJ12020
CLEANSTART-2026-CU71831
CLEANSTART-2026-DI78859
CLEANSTART-2026-DL37890
CLEANSTART-2026-EL98096
CLEANSTART-2026-GJ95666
CLEANSTART-2026-IR62391
CLEANSTART-2026-JR53141
CLEANSTART-2026-LU31244
CLEANSTART-2026-MZ27698
CLEANSTART-2026-PR27884
CLEANSTART-2026-QK48981
CLEANSTART-2026-QX99194
CLEANSTART-2026-RA63757
CLEANSTART-2026-RF40424
CLEANSTART-2026-SG88217
CLEANSTART-2026-UA95882
CLEANSTART-2026-WI17406
CLEANSTART-2026-XH31600
CLEANSTART-2026-YM75307
CVE-2025-46817
DLA-4325-1
DSA-6020-1
DSA-6022-1
GHSA-M8FJ-85CG-7VHP
INFSA-2025_19237
INFSA-2025_19238
INFSA-2025_19345
INFSA-2025_20926
INFSA-2025_20955
INFSA-2025_21916
MGASA-2025-0307
OESA-2025-2389
OESA-2025-2390
OESA-2025-2450
OESA-2025-2451
OESA-2025-2452
OESA-2025-2453
OPENSUSE-SU-2025:15600-1
OPENSUSE-SU-2025:15604-1
OPENSUSE-SU-2025:20121-1
OPENSUSE-SU-2026:20003-1
RHSA-2025:18931
RHSA-2025:18996
RHSA-2025:18997
RHSA-2025:19086
RHSA-2025:19237
RHSA-2025:19238
RHSA-2025:19239
RHSA-2025:19318
RHSA-2025:19345
RHSA-2025:19399
RHSA-2025:19675
RHSA-2025:20926
RHSA-2025:20955
RHSA-2025:21916
RHSA-2025:21936
RHSA-2025_19237
RHSA-2025_19238
RHSA-2025_19345
RHSA-2025_20926
RHSA-2025_20955
RHSA-2025_21916
SUSE-SU-2025:03499-1
SUSE-SU-2025:03500-1
SUSE-SU-2025:03501-1
SUSE-SU-2025:03502-1
SUSE-SU-2025:03505-1
SUSE-SU-2025:03506-1
SUSE-SU-2025:03507-1
SUSE-SU-2025_03499-1
SUSE-SU-2025_03500-1
SUSE-SU-2025_03501-1
SUSE-SU-2025_03502-1
SUSE-SU-2025_03505-1
SUSE-SU-2025_03506-1
SUSE-SU-2025_03507-1
SUSE-SU-2026:20022-1
USN-7893-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Linuxmint
Red Hat
Red Os
Redis
Rocky Linux
Suse
Ubuntu