PT-2025-40592 · Redis+10 · Redis+10

Zhutyra

·

Published

2025-09-29

·

Updated

2026-05-18

·

CVE-2025-46818

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Redis versions 8.2.1 and below
Description Redis, an in-memory database, has an issue where an authenticated user can use a crafted Lua script to manipulate LUA objects and potentially execute code in another user's context. This affects all versions of Redis with LUA scripting enabled. To mitigate the problem without patching, users can prevent the execution of LUA scripts.
Recommendations Prevent users from executing LUA scripts using Access Control Lists (ACLs) to block the EVAL and FUNCTION command families.

Exploit

Fix

Code Injection

Weakness Enumeration

CWE-94

Related Identifiers

ALSA-2025:19237
ALSA-2025:19238
ALSA-2025:19345
ALSA-2025:19675
ALSA-2025:20926
ALSA-2025:20955
ALSA-2025:21916
ALSA-2025:21936
ALSA-2025_16880
ALSA-2025_19237
ALSA-2025_19238
ALSA-2025_19345
ALSA-2025_20926
ALSA-2025_20955
ALSA-2025_21916
ALT-PU-2025-12931
ALT-PU-2025-12954
ALT-PU-2025-13204
AZL-68241
AZL-68285
BDU:2025-12557
BIT-KEYDB-2025-46818
BIT-REDIS-2025-46818
BIT-VALKEY-2025-46818
CESA-2025_19238
CLEANSTART-2026-AF35851
CLEANSTART-2026-AV02020
CLEANSTART-2026-BX37171
CLEANSTART-2026-CJ12020
CLEANSTART-2026-CU71831
CLEANSTART-2026-DI78859
CLEANSTART-2026-DL37890
CLEANSTART-2026-EL98096
CLEANSTART-2026-GJ95666
CLEANSTART-2026-IR62391
CLEANSTART-2026-JR53141
CLEANSTART-2026-LU31244
CLEANSTART-2026-MZ27698
CLEANSTART-2026-PR27884
CLEANSTART-2026-QK48981
CLEANSTART-2026-QX99194
CLEANSTART-2026-RA63757
CLEANSTART-2026-RF40424
CLEANSTART-2026-SG88217
CLEANSTART-2026-UA95882
CLEANSTART-2026-WI17406
CLEANSTART-2026-XH31600
CLEANSTART-2026-YM75307
CVE-2025-46818
DSA-6020-1
DSA-6022-1
GHSA-QRV7-WCRX-Q5JP
INFSA-2025_19237
INFSA-2025_19238
INFSA-2025_19345
INFSA-2025_20926
INFSA-2025_20955
INFSA-2025_21916
MGASA-2025-0307
OESA-2025-2389
OESA-2025-2390
OESA-2025-2450
OESA-2025-2451
OESA-2025-2452
OESA-2025-2453
OPENSUSE-SU-2025:15600-1
OPENSUSE-SU-2025:15604-1
OPENSUSE-SU-2025:20121-1
OPENSUSE-SU-2026:20003-1
RHSA-2025:19237
RHSA-2025:19238
RHSA-2025:19345
RHSA-2025:19675
RHSA-2025:20926
RHSA-2025:20955
RHSA-2025_19237
RHSA-2025_19238
RHSA-2025_19345
RHSA-2025_20926
RHSA-2025_20955
RHSA-2025_21916
SUSE-SU-2025:03499-1
SUSE-SU-2025:03500-1
SUSE-SU-2025:03501-1
SUSE-SU-2025:03502-1
SUSE-SU-2025:03505-1
SUSE-SU-2025:03506-1
SUSE-SU-2025:03507-1
SUSE-SU-2026:20022-1
USN-7893-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Linuxmint
Red Hat
Red Os
Redis
Rocky Linux
Suse
Ubuntu