CVE-2025-46817

Sažetak

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.

Reference

https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca
https://github.com/redis/redis/releases/tag/8.2.2
https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp

CVSS

Base:	7.0
Impact:	5.9
Exploitability:	1.0

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

08-10-2025 - 15:17

Objavljeno

03-10-2025 - 18:15