Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.2629.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Redis
  • Redis

Configuration 1 [-]

cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Redis
  • Redis
Advisories
Source ID Title
Debian DLA Debian DLA DLA-4325-1 redis security update
Debian DSA Debian DSA DSA-6020-1 redis security update
Debian DSA Debian DSA DSA-6022-1 valkey security update
EUVD EUVD EUVD-2025-32363 Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca cve-icon cve-icon cve-icon
https://github.com/redis/redis/releases/tag/8.2.2 cve-icon cve-icon cve-icon
https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-46817 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-46817 cve-icon
History

Wed, 08 Oct 2025 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

Mon, 06 Oct 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redis
Redis redis
Vendors & Products Redis
Redis redis

Mon, 06 Oct 2025 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 03 Oct 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 03 Oct 2025 18:00:00 +0000

Type Values Removed Values Added
Description Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
Title Lua library commands may lead to integer overflow and potential RCE
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-10-03T18:32:16.521Z

Reserved: 2025-04-30T19:41:58.134Z

Link: CVE-2025-46817

cve-icon Vulnrichment

Updated: 2025-10-03T18:32:07.450Z

cve-icon NVD

Status : Analyzed

Published: 2025-10-03T18:15:35.527

Modified: 2025-11-12T11:34:13.390

Link: CVE-2025-46817

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-10-03T17:52:48Z

Links: CVE-2025-46817 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2025-10-06T14:42:44Z