Description

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.

INFO

Published Date :

2025-10-03T19:12:10.999Z

Last Modified :

2025-10-31T14:53:41.010Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-46819 vulnerability.

Vendors Products
Redis
  • Redis
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-46819.

URL Resource
https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba cve-icon cve-icon cve-icon
https://github.com/redis/redis/releases/tag/8.2.2 cve-icon cve-icon cve-icon
https://github.com/redis/redis/security/advisories/GHSA-4c68-q8q8-3g4f cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-46819 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-46819 cve-icon
https://www.vicarius.io/vsociety/posts/cve-2025-46819-detect-redis-vulnerability cve-icon
https://www.vicarius.io/vsociety/posts/cve-2025-46819-mitigate-redis-vulnerability cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact