Integer Overflow Vulnerability in Redis Affecting All Versions with Lua Scripting
CVE-2025-46817

7 HIGH

Key Information:

Vendor

Redis

Status
Vendor
CVE Published:
3 October 2025

What is CVE-2025-46817?

A vulnerability in Redis, an open-source in-memory database, allows an authenticated user to run a specially crafted Lua script that triggers an integer overflow, potentially leading to remote code execution. The flaw is present in all versions that support Lua scripting. It is fixed in Redis version 8.2.2.

Affected Version(s)

redis < 8.2.2

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
