CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:M/U:Red
Description
Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct module). This vulnerability is associated with the program file lua_struct.c. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.
Analysis
CVE-2025-52935 is an integer overflow/wraparound (CWE-190) in the Lua struct module (lua_struct.c) bundled with DragonflyDB. An authenticated attacker with low privileges who can run Lua scripts on the server can trigger it to corrupt memory, with information disclosure and possibly code execution as outcomes. Affected versions are 1.30.1, 1.30.0 and 1.28.18. The CVSS v4.0 base score is 9.4 (critical), with high impact on the confidentiality, integrity and availability of both the vulnerable system and subsequent systems. No public exploit code or in-the-wild exploitation has been confirmed, but any client already permitted to issue EVAL meets the attack precondition, so patching should not wait for one.
Technical Context
DragonflyDB is a high-performance, drop-in Redis replacement written in C++. It vendors the Redis Lua struct library (src/redis/lua/struct/lua_struct.c), which exposes struct.pack, struct.unpack and struct.size to Lua scripts that the server runs through EVAL, EVALSHA and SCRIPT LOAD; these functions serialize and deserialize binary records according to a format string. CWE-190 (Integer Overflow or Wraparound) arises when arithmetic used for buffer sizes, indices or allocation lengths is not checked against the width of the integer type that holds it. In a struct packer the danger is a format string whose repeat count or element size makes the computed record size wrap to a small value: the buffer is sized from the wrapped result while the pack or unpack loop still iterates over the attacker's full count, so writes run past the allocation and reads pull from memory outside it. Which calculation in lua_struct.c is affected is not identified in the public description. The realistic attack surface is any client allowed to execute Lua: an authenticated user whose ACL permits the scripting commands, or anyone who can reach an instance that runs without a password (no --requirepass), in which case the PR:L precondition in the CVSS vector costs the attacker nothing.
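The wraparound pattern described above, as an added example in C that is not DragonflyDB's or Redis's code: a toy struct-size calculation over a letter-plus-count format string, first with an unchecked 32-bit accumulator and then with the overflow checks a fix would carry. The format letters, their widths and the 512 MiB cap are assumptions chosen for illustration, not the real lua_struct table, and the two format strings are constructed inputs.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical element widths (assumption for this example, not the real table). */
static size_t elem_width(char c) {
    switch (c) {
    case 'b': case 'B': case 'c': return 1;
    case 'h': case 'H':           return 2;
    case 'i': case 'I': case 'f': return 4;
    case 'l': case 'L': case 'd': return 8;
    default:                      return 0; /* unknown letter */
    }
}

/* Parse an optional decimal repeat count after a letter ("i4" -> 4, "i" -> 1).
 * Returns 1 and advances *p on success, 0 if the digits do not fit in 32 bits. */
static int parse_count(const char **p, uint32_t *count) {
    if (!isdigit((unsigned char)**p)) { *count = 1; return 1; }
    char *end;
    errno = 0;
    unsigned long long v = strtoull(*p, &end, 10);
    if (errno == ERANGE || v > UINT32_MAX) return 0;
    *p = end;
    *count = (uint32_t)v;
    return 1;
}

/* VULNERABLE: the total is a 32-bit unsigned, so width * count wraps modulo 2^32.
 * A packer that sizes its buffer from this and then loops `count` times writes
 * past the allocation. Returns UINT32_MAX for a malformed format. */
uint32_t struct_size_unchecked(const char *fmt) {
    uint32_t total = 0;
    const char *p = fmt;
    while (*p) {
        size_t w = elem_width(*p++);
        uint32_t n;
        if (w == 0 || !parse_count(&p, &n)) return UINT32_MAX;
        total += (uint32_t)w * n;   /* wraps: 4 * 2^30 becomes 0 */
    }
    return total;
}

/* FIXED: every multiply and add is checked before it happens, and the total is
 * held to a policy cap. Returns 0 and sets *out on success, -1 on rejection. */
int struct_size_checked(const char *fmt, size_t max_total, size_t *out) {
    size_t total = 0;
    const char *p = fmt;
    while (*p) {
        size_t w = elem_width(*p++);
        uint32_t n;
        if (w == 0 || !parse_count(&p, &n)) return -1;
        if (n != 0 && w > SIZE_MAX / n) return -1;   /* w * n would wrap */
        size_t item = w * (size_t)n;
        if (item > SIZE_MAX - total) return -1;       /* total + item would wrap */
        total += item;
        if (total > max_total) return -1;             /* larger than any legitimate record */
    }
    *out = total;
    return 0;
}

#define DEMO_CAP ((size_t)512 * 1024 * 1024)  /* assumed cap for the demo */

/* Demo wrapper: checked size, or -1 if the format was rejected. */
long long checked_size_or_neg1(const char *fmt) {
    size_t out = 0;
    return struct_size_checked(fmt, DEMO_CAP, &out) == 0 ? (long long)out : -1;
}

int main(void) {
    const char *bad = "i1073741824";  /* 2^30 four-byte ints = 4 GiB; constructed input */
    const char *ok  = "i4c1";         /* 16 + 1 = 17 bytes; constructed input */
    printf("unchecked(%s) = %u\n", bad, struct_size_unchecked(bad));   /* 0 after wrap */
    printf("unchecked(%s) = %u\n", ok,  struct_size_unchecked(ok));    /* 17 */
    printf("checked(%s)   = %lld\n", bad, checked_size_or_neg1(bad));  /* -1, rejected */
    printf("checked(%s)   = %lld\n", ok,  checked_size_or_neg1(ok));   /* 17 */
    return 0;
}
```

With the unchecked version, the format i1073741824 (2^30 four-byte integers) yields a size of 0: a packer that allocated from that result would call malloc(0) and then attempt to write 4 GiB into it. The checked version rejects the same format before any allocation, which is the property a fix for this class of bug has to establish for every size computation on the format-string path, not only the one that was reported.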
Affected Products
DragonflyDB 1.30.1, 1.30.0, 1.28.18
Remediation
Patch: Upgrade to a DragonflyDB release that fixes CVE-2025-52935. The fixed version number is not given here; the project's releases on GitHub are authoritative (https://github.com/dragonflydb/dragonfly). Versions 1.30.1, 1.30.0 and 1.28.18 are known to be affected.
Short-term workaround: Restrict Lua execution. Where scripting is not needed, deny SCRIPT LOAD, EVAL and EVALSHA through ACL rules, and grant them only to the service accounts that require them.
Short-term workaround: Where the deployment offers a way to do so, disable or sandbox the Lua struct functions, and review script sources (SCRIPT LOAD payloads and EVAL bodies in command or audit logs) for struct.pack, struct.unpack or struct.size calls with unusually large counts or sizes.
Monitoring: Segment the network so that only trusted hosts can reach DragonflyDB ports, and alert on authentication failures and on script execution from clients that are not expected to run Lua.
EUVD-2025-28478