CVE-2025-46818
Published: 2025-10-03
Priority: P3 · Severity: high · CVSS 3.1 base score 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
Exploit likelihood (EPSS): 0.70% (48.5th percentile)
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with LUA scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing LUA scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.
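The ACL workaround in the description above only helps if no user retains the EVAL and FUNCTION families, so it is worth auditing every user rather than just the one you edited. Added example, not code from the original page or from the Redis project: a small Python pass over `ACL LIST` output, using the simplified model of Redis ACL rule semantics stated in its comments and constructed sample lines.

```python
# Added example, not Redis project code: audit `ACL LIST` output for users who
# can still reach the EVAL and FUNCTION families, i.e. who are not covered by
# the CVE-2025-46818 workaround. Simplified model of Redis ACL semantics: rules
# apply left to right; only the @all and @scripting categories are modelled;
# key/channel rules are ignored; "+function|load" counts as allowing FUNCTION
# (conservative: the audit may over-report, never under-report).

# Members of the EVAL and FUNCTION families (all in the @scripting category).
SCRIPTING = {"eval", "evalsha", "eval_ro", "evalsha_ro",
             "function", "fcall", "fcall_ro", "script"}


def allowed_scripting(acl_line):
    """Return the scripting commands one `ACL LIST` line still permits."""
    tokens = acl_line.split()          # "user <name> <flag/rule> ..."
    allowed = set()
    for tok in tokens[2:]:
        if tok == "off":               # disabled user: nothing runs
            return set()
        if tok in ("allcommands", "+@all"):
            allowed = set(SCRIPTING)
        elif tok in ("nocommands", "-@all"):
            allowed = set()
        elif tok == "+@scripting":
            allowed |= SCRIPTING
        elif tok == "-@scripting":
            allowed -= SCRIPTING
        elif tok[0] in "+-" and not tok.startswith(("+@", "-@")):
            cmd = tok[1:].split("|", 1)[0].lower()   # "+function|load" -> "function"
            if cmd in SCRIPTING:
                (allowed.add if tok[0] == "+" else allowed.discard)(cmd)
        # ~keys, &channels, #hash, >pass and other categories: no effect here
    return allowed


def exposed_users(acl_lines):
    """Map each user that can still run scripts to its permitted commands."""
    report = {}
    for line in acl_lines:
        cmds = allowed_scripting(line)
        if cmds:
            report[line.split()[1]] = sorted(cmds)
    return report


# Constructed sample; "#<hash>" stands in for a SHA-256 password hash.
SAMPLE_ACL_LIST = [
    "user default on nopass sanitize-payload ~* &* +@all",
    "user app on #<hash> ~app:* &* +@all -@scripting",
    "user legacy on #<hash> ~* &* +@all -@scripting +eval +evalsha",
    "user retired off #<hash> ~* &* +@all",
]
```

Treat this as a triage pass over exported ACL lines; the authoritative per-user check on Redis 7.0 and later is `ACL DRYRUN <user> EVAL ...` run against the server itself.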
Affected
26 ranges (showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | redict | < redict 7.3.6+ds-1 (forky) | redict 7.3.6+ds-1 (forky) |
| debian | redis | < redict 7.3.6+ds-1 (forky) | redict 7.3.6+ds-1 (forky) |
| debian | valkey | < redict 7.3.6+ds-1 (forky) | redict 7.3.6+ds-1 (forky) |
| lfprojects | valkey | >= 0 < 8.1.1+dfsg1-3+deb13u1 | 8.1.1+dfsg1-3+deb13u1 |
| lfprojects | valkey | >= 0 < 8.1.4+dfsg1-1 | 8.1.4+dfsg1-1 |
| lfprojects | valkey | >= 0 < 7.2.11+dfsg1-0ubuntu0.2 | 7.2.11+dfsg1-0ubuntu0.2 |
| lfprojects | valkey | >= 0 < 8.1.4+dfsg1-0ubuntu0.2 | 8.1.4+dfsg1-0ubuntu0.2 |
| msrc | azl3_kernel_6.6.47.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.51.1-5_on_azure_linux_3.0 | — | — |
| msrc | azl3_valkey_8.0.4-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_kernel_5.15.164.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.167.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_redis_6.2.20-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| redis | redis | < 8.2.2 | 8.2.2 |
| redis | redis | < 6.2.20 | 6.2.20 |
| redis | redis | >= 0 < 5:7.0.15-1~deb12u6 | 5:7.0.15-1~deb12u6 |
| redis | redis | >= 0 < 5:8.0.2-3+deb13u1 | 5:8.0.2-3+deb13u1 |
| redis | redis | >= 0 < 5:8.0.4-1 | 5:8.0.4-1 |
| redis | redis | >= 7.0 < 7.2.11 | 7.2.11 |
| redis | redis | >= 7.4.0 < 7.4.6 | 7.4.6 |
| redis | redis | >= 8.0.0 < 8.0.4 | 8.0.4 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| osv | 8.8 | HIGH | — |
| vendor_msrc | 7.8 | HIGH | — |
| vendor_ubuntu | 7.0 | HIGH | — |
| vendor_debian | 6.0 | MEDIUM | — |
| vendor_redhat | 6.0 | MEDIUM | — |
CISA ICS
Schneider Electric Plant iT/Brewmaxx (ICS Advisory)
cisa_ics · 2026-03-24 · CVSS 7.0 · HIGH
Release Date: March 24, 2026
Alert Code: ICSA-26-083-03
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Successful exploitation of these vulnerabilities could risk privilege escalation, which could result in remote code execution.
The following versions of Schneider Electric Plant iT/Brewmaxx are affected:
- Plant iT/Brewmaxx 9.60_and_above (CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.9 | Schneider Electric | Schneider Electric Plant iT/Brewmaxx | Use After Free, Integer Overflow or Wraparound, Improper Control of Generation of Code ('Code Injection') |
## Background
- Critical Infrast
Ubuntu
Valkey vulnerabilities
vendor_ubuntu · 2025-11-26 · CVSS 7.0 · HIGH
Summary: Several security issues were fixed in Valkey.
Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a use-after-free condition, and potentially achieve remote code execution on the Valkey server. (CVE-2025-49844)

It was discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger an integer overflow condition, and potentially achieve remote code execution on the Valkey server. (CVE-2025-46817)

It was discovered that Valkey incorrectly handled Lua objects. An authenticated attacker could possibly use this issue to escalate their privileges. (
Microsoft
Redis: Authenticated users can execute LUA scripts as a different user
vendor_msrc · 2025-10-14 · CVSS 6.0 · MEDIUM · CWE-94
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Products: Mariner, GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Ref
Red Hat
Redis: Redis: Authenticated users can execute LUA scripts as a different user
vendor_redhat · 2025-10-03 · CVSS 6.0 · MEDIUM · CWE-94
A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate obj
Debian
CVE-2025-46818: redict - Redis is an open source, in-memory database that persists on disk. Versions 8.2....
vendor_debian · 2025 · CVSS 6.0 · MEDIUM
Scope: local
forky: resolved (fixed in 7.3.6+ds-1)
sid: resolved (fixed in 7.3.6+ds-1)
Microsoft
drm/amd/display: Check gpio_id before used as array index (CVE-2024-46818)
vendor_msrc · 2024-09-10 · CVSS 7.8 · HIGH · CWE-129
Products: Mariner, Linux
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://lea
OSV
valkey vulnerabilities (CVE-2025-49844)
osv · 2025-11-26 · CVSS 8.8 · HIGH
It was discovered that Valkey incorrectly hand
OSV
CVE-2025-46818: Redis is an open source, in-memory database that persists on disk
osv · 2025-10-03 · CVSS 7.3 · HIGH
No detection rules found.
Nuclei
Redis Lua Sandbox < 8.2.2 - Cross-User Escape
nuclei · CVSS 7.3 · HIGH
Template:
```yaml
id: CVE-2025-46818
info:
  name: Redis Lua Sandbox < 8.2.2 - Cross-User Escape
  author: pussycat0x
  severity: high
  description: |
    Redis is an open
```
Bugzilla
CVE-2025-46818 Redis: Redis: Authenticated users can execute LUA scripts as a different user
bugzilla · 2025-10-03 · CVSS 7.3 · HIGH
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA
Bleepingcomputer
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws
blogs_bleepingcomputer · 2025-10-14 · CVSS 7.8 · HIGH
By Lawrence Abrams
- 80 Elevation of Privilege Vulnerabilities
- 11 Security Feature Bypass Vulnerabilities
- 31 Remote Code Execution Vulnerabilities
- 28 Information Disclosure Vulnerabilities
- 11 Denial of Service Vulnerabilities
- 10 Spoofing Vulnerabilities
When BleepingComputer reports on the Patch Tuesday security updates, we only count those released today by Microsoft. Therefore, the number of flaws does not include those fixed in Azure, Mariner, Microsoft Edge, and other vulnerabilities earlier this month.
Notably, Windows 10 reaches the end of support today, with this being the last Patch Tuesday where Microsoft provides free security updates to the venerable operating system.
To continue receiving security upd
Greynoiseio
NoiseLetter October 2025
blogs_greynoiseio