CVE-2025-46817

moderate-risk
Published 2025-10-03

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.

Do I need to act?

!
13.2% chance of exploitation in next 30 days
EPSS score — higher than 87% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.0/10 High
LOCAL / HIGH complexity

Affected Products (1)

Affected Vendors

Redis

References (3)

Patch https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca
Release Notes https://github.com/redis/redis/releases/tag/8.2.2
Vendor Advisory https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp
35
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 12/34 · Low
Exposure 5/34 · Minimal