Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-46817: Integer Overflow or Wraparound in Redis

Severity
8.8 HIGH (NVD)
EPSS
13.2%
top 5.84%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Oct 3
Latest update: Mar 24

Description

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (13 packages)

CVEListV5 redis/redis < 8.2.2
NVD redis/redis 7.07.2.11+4
debian debian/redis < redict 7.3.6+ds-1 (forky)
Debian redis/redis < 5:6.0.16-1+deb11u8+3

Patches

🔴 Vulnerability Details

2
OSV
valkey vulnerabilities (2025-11-26)
OSV
CVE-2025-46817: Redis is an open source, in-memory database that persists on disk (2025-10-03)

💥 Exploits & PoCs

1
Nuclei
Redis < 8.2.1 lua script - Integer Overflow

📋 Vendor Advisories

5
CISA ICS
Schneider Electric Plant iT/Brewmaxx (2026-03-24)
Ubuntu
Valkey vulnerabilities (2025-11-26)
Microsoft
Lua library commands may lead to integer overflow and potential RCE (2025-10-14)
Red Hat
redis: Lua library commands may lead to integer overflow and potential RCE (2025-10-03)
Debian
CVE-2025-46817: redict - Redis is an open source, in-memory database that persists on disk. Versions 8.2....2025

🕵️ Threat Intelligence

2
Bleepingcomputer
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws (2025-10-14)
Greynoiseio
NoiseLetter October 2025