CVE-2025-46817

EUVD-2025-33202 | HIGH | CVSS 3.1: 7.0 | 2025-10-03

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned, Mar 13, 2026 - 19:29 (euvd): EUVD-2025-33202
Analysis Generated, Mar 13, 2026 - 19:29 (vuln.today)
Patch Released, Jan 27, 2026 - 19:37 (nvd): Patch available
CVE Published, Oct 03, 2025 - 18:15 (nvd): HIGH 7.0

Description

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.

Technical Context

An integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or minimum) size of the integer type used to store it. This vulnerability is classified as Integer Overflow or Wraparound (CWE-190).

Affected Products

Affected products: Redis Redis

Remediation

A vendor patch is available (the issue is fixed in Redis 8.2.2); apply it immediately. Use safe integer arithmetic libraries. Check for overflow conditions before operations. Use appropriately sized integer types.

Priority Score

58
KEV: 0
EPSS: +13.2
CVSS: +35
POC: 0

Vendor Status

Ubuntu

Priority: Medium

redict
Release    Status         Version
jammy      DNE            -
noble      DNE            -
upstream   needs-triage   -
plucky     ignored        end of life, was needs-triage
questing   needs-triage   -

valkey
Release    Status         Version
jammy      DNE            -
upstream   needs-triage   -
noble      released       7.2.11+dfsg1-0ubuntu0.2
plucky     released       8.0.6+dfsg1-0ubuntu0.2
questing   released       8.1.4+dfsg1-0ubuntu0.2

redis
Release    Status         Version
bionic     not-affected   uses system lua
focal      not-affected   uses system lua
jammy      not-affected   uses system lua
noble      not-affected   uses system lua
plucky     not-affected   uses system lua
trusty     not-affected   uses system lua
upstream   released       8.2.2
xenial     not-affected   uses system lua
questing   not-affected   uses system lua

Debian

Bug #1117690

redict
Release                         Status   Fixed Version           Urgency
forky, sid                      fixed    7.3.6+ds-1              -
(unstable)                      fixed    7.3.6+ds-1              -

redis
Release                         Status   Fixed Version           Urgency
bullseye                        fixed    5:6.0.16-1+deb11u8      -
bullseye (security)             fixed    5:6.0.16-1+deb11u8      -
bookworm, bookworm (security)   fixed    5:7.0.15-1~deb12u6      -
trixie (security), trixie       fixed    5:8.0.2-3+deb13u1       -
forky, sid                      fixed    5:8.0.5-1               -
bookworm                        fixed    5:7.0.15-1~deb12u6      -
trixie                          fixed    5:8.0.2-3+deb13u1       -
(unstable)                      fixed    5:8.0.4-1               -

valkey
Release                         Status   Fixed Version           Urgency
trixie (security), trixie       fixed    8.1.1+dfsg1-3+deb13u1   -
forky, sid                      fixed    8.1.4+dfsg1-1           -
trixie                          fixed    8.1.1+dfsg1-3+deb13u1   -
(unstable)                      fixed    8.1.4+dfsg1-1           -

CVE-2025-46817 vulnerability details – vuln.today