PT-2026-21544 · Valkey+4

Published: 2026-02-23 · Updated: 2026-05-18 · CVE-2025-67733

CVSS v3.1: 8.5 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions

Valkey versions prior to 9.0.2
Valkey versions prior to 8.1.6
Valkey versions prior to 8.0.7
Valkey versions prior to 7.2.12

Description

A flaw in the error handling code for Lua scripts does not properly handle null characters. This allows a malicious user to use scripting commands to inject arbitrary information into the response stream for a given client, which could lead to corrupting or returning tampered data to other users on the same connection.

Recommendations

Update to version 9.0.2
Update to version 8.1.6
Update to version 8.0.7
Update to version 7.2.12
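
A branch-aware check of a server against the fixed releases listed above, as an added example (not code from this advisory or from the Valkey project). It assumes the output of `INFO server` has been captured as text; the function names and the sample reply are constructed for illustration.

```python
import re

# Fixed patch release per branch, taken from the Recommendations above.
FIXED = {(7, 2): 12, (8, 0): 7, (8, 1): 6, (9, 0): 2}

# Constructed sample of an INFO server reply. Valkey also reports a
# redis_version field for client compatibility; it is not the server version.
SAMPLE_INFO = """# Server
redis_version:7.2.4
server_name:valkey
valkey_version:8.1.3
"""

def server_version(info_text):
    """Return (major, minor, patch) from INFO output, using valkey_version."""
    fields = dict(
        line.strip().split(":", 1)
        for line in info_text.splitlines()
        if ":" in line and not line.startswith("#")
    )
    raw = fields.get("valkey_version")
    if raw is None:
        raise ValueError("no valkey_version field; not a Valkey INFO reply")
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", raw.strip())
    if not match:
        raise ValueError(f"unparseable version: {raw!r}")
    return tuple(int(part) for part in match.groups())

def assess(version):
    """Classify a version tuple as 'affected' or 'fixed' for CVE-2025-67733."""
    major, minor, patch = version
    branch = (major, minor)
    if branch in FIXED:
        # Compare only within the branch: 8.1.3 is affected even though
        # it is numerically newer than the 8.0.7 fix.
        return "affected" if patch < FIXED[branch] else "fixed"
    # Branch without a listed fix: affected if it predates 9.0.2.
    return "affected" if version < (9, 0, 2) else "fixed"

if __name__ == "__main__":
    found = server_version(SAMPLE_INFO)
    print(".".join(map(str, found)), assess(found))
```

Reading `redis_version` instead of `valkey_version` would report 7.2.4 for every server and misclassify patched hosts.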

Exploit

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

ALSA-2026:3443
ALSA-2026:3507
AZL-78317
BDU:2026-07333
BIT-VALKEY-2025-67733
CVE-2025-67733
GHSA-P876-P7Q5-HV2M
OPENSUSE-SU-2026:10266-1
OPENSUSE-SU-2026:20776-1
RHSA-2026:3443
RHSA-2026:3507
RHSA-2026:5445
SUSE-SU-2026:0685-1
SUSE-SU-2026:0848-1
SUSE-SU-2026:21814-1
USN-8106-1

Affected Products

Linux Mint
RED OS
Rocky Linux
Ubuntu
Valkey