HIGH🇵🇱 Wersja polska

CVE-2025-46817

CVSS 7.0v3.1pub. 2025-10-03upd. 2026-01-27

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Redis

    APP
    Redis
    < 6.2.207.0 – 7.2.11 (bez)7.4.0 – 7.4.6 (bez)8.0.0 – 8.0.4 (bez)8.2.0 – 8.2.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2022-0543CRITICAL10.0⚠ KEVten sam produkt

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debia...

CVE-2025-49844CRITICAL9.9PL ✓ten sam produkt

Redis/Valkey: RCE przez use-after-free w skryptach Lua

CVE-2026-23479HIGH7.7ten sam produkt

Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow do...

CVE-2026-25243HIGH7.7ten sam produkt

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does ...

CVE-2025-62507HIGH7.7ten sam produkt

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run...