Integer Overflow Vulnerability in Redis Affecting All Versions with Lua Scripting
CVE-2025-46817
What is CVE-2025-46817?
A vulnerability in Redis, the open-source in-memory database, allows an authenticated user to submit a specially crafted Lua script that triggers an integer overflow. The flaw is present in every Redis version that supports Lua scripting and can be leveraged for remote code execution. It is fixed in Redis 8.2.2; deployments on earlier versions should upgrade, and until then restrict which clients may run Lua scripts (for example via ACLs and network-level access controls).
Affected Version(s)
redis < 8.2.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware and other follow-on attacks, so a published PoC raises the urgency of patching.
News Articles
PoC Released for Critical Lua Engine Vulnerabilities
A recent security audit of Redis 7.4.5 uncovered three severe flaws in the embedded Lua interpreter.
PoC Exploit Released for Critical Vulnerabilities in Lua Engine
A new proof-of-concept exploit has been released for three severe vulnerabilities in the Lua scripting engine used by Redis 7.4.5.
EPSS Score
26% chance of being exploited in the next 30 days.
Timeline
- First article discovered by GBHackers News
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved
