PT-2025-40593 · Redis+10

Zhutyra · Published 2024-05-13 · Updated 2026-05-18 · CVE-2025-46819

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Redis versions 8.2.1 and below
Linux kernel versions (affected versions not specified)

Description

Redis, an in-memory database, is susceptible to a vulnerability where an authenticated user can execute a specially crafted Lua script to read out-of-bounds data or cause a server crash, leading to a denial of service. This issue affects all Redis versions that support Lua scripting. The vulnerability is resolved in Redis version 8.2.2. Additionally, a separate issue exists in the Linux kernel related to a NULL pointer dereference within the drm/amdgpu components. Exploitation of this kernel issue could lead to a denial of service.

Recommendations

Redis versions 8.2.1 and below: Upgrade to version 8.2.2 or later. As a workaround, prevent users from executing Lua scripts by restricting the EVAL and FUNCTION command families using ACL.
Linux kernel (affected versions not specified): At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Integer Overflow

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2025:19237
ALSA-2025:19238
ALSA-2025:19345
ALSA-2025:19675
ALSA-2025:20926
ALSA-2025:20955
ALSA-2025:21916
ALSA-2025:21936
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALSA-2025_19237
ALSA-2025_19238
ALSA-2025_19345
ALSA-2025_20926
ALSA-2025_20955
ALSA-2025_21916
ALT-PU-2025-12931
ALT-PU-2025-12954
ALT-PU-2025-13204
AZL-68244
AZL-68355
AZL-68360
BDU:2025-01657
BIT-KEYDB-2025-46819
BIT-REDIS-2025-46819
BIT-VALKEY-2025-46819
CESA-2025_19238
CLEANSTART-2026-AF35851
CLEANSTART-2026-AV02020
CLEANSTART-2026-BX37171
CLEANSTART-2026-CJ12020
CLEANSTART-2026-CU71831
CLEANSTART-2026-DI78859
CLEANSTART-2026-DL37890
CLEANSTART-2026-EL98096
CLEANSTART-2026-GJ95666
CLEANSTART-2026-IR62391
CLEANSTART-2026-JR53141
CLEANSTART-2026-LU31244
CLEANSTART-2026-MZ27698
CLEANSTART-2026-PR27884
CLEANSTART-2026-QK48981
CLEANSTART-2026-QX99194
CLEANSTART-2026-RA63757
CLEANSTART-2026-RF40424
CLEANSTART-2026-SG88217
CLEANSTART-2026-UA95882
CLEANSTART-2026-WI17406
CLEANSTART-2026-XH31600
CLEANSTART-2026-YM75307
CVE-2025-46819
DLA-4325-1
DSA-6020-1
DSA-6022-1
GHSA-4C68-Q8Q8-3G4F
INFSA-2025_19237
INFSA-2025_19238
INFSA-2025_19345
INFSA-2025_20926
INFSA-2025_20955
INFSA-2025_21916
MGASA-2025-0307
OESA-2025-2389
OESA-2025-2390
OESA-2025-2450
OESA-2025-2451
OESA-2025-2452
OESA-2025-2453
OPENSUSE-SU-2025:15600-1
OPENSUSE-SU-2025:15604-1
OPENSUSE-SU-2025:20121-1
OPENSUSE-SU-2026:20003-1
RHSA-2025:19237
RHSA-2025:19238
RHSA-2025:19345
RHSA-2025:19675
RHSA-2025:20926
RHSA-2025:20955
RHSA-2025_19237
RHSA-2025_19238
RHSA-2025_19345
RHSA-2025_20926
RHSA-2025_20955
RHSA-2025_21916
SUSE-SU-2025:03499-1
SUSE-SU-2025:03500-1
SUSE-SU-2025:03501-1
SUSE-SU-2025:03502-1
SUSE-SU-2025:03505-1
SUSE-SU-2025:03506-1
SUSE-SU-2025:03507-1
SUSE-SU-2026:20022-1
USN-7893-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Debian
Linux Mint
Red Hat
RED OS
Redis
Rocky Linux
SUSE
Ubuntu