Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2025-46818 — Code Injection in Redis
Severity
7.3 HIGH (NVD)
8.8 (OSV)
EPSS
3.2%
top 13.02%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Oct 3
Latest update: Mar 24
Description
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different Lua objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This ca…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.3 | Impact: 5.9
Affected Packages: 18 packages
Patches
Vulnerability Details: 2
Exploits & PoCs: 1
Nuclei
Redis Lua Sandbox < 8.2.2 - Cross-User Escape
Vendor Advisories: 6
Debian
CVE-2025-46818: redict - Redis is an open source, in-memory database that persists on disk. Versions 8.2.... (2025)