CVE-2025-46817
📋 TL;DR
This CVE describes an integer overflow vulnerability in Redis that allows authenticated users to execute specially crafted Lua scripts, potentially leading to remote code execution. The vulnerability affects all Redis versions with Lua scripting enabled, specifically versions 8.2.1 and below. Users running vulnerable Redis instances with authenticated access are at risk.
💻 Affected Systems
- Redis
📦 What is this software?
Redis by Redis
⚠️ Risk & Real-World Impact
Worst Case
Authenticated attacker gains remote code execution with Redis process privileges, potentially leading to full system compromise, data theft, or lateral movement.
Likely Case
Authenticated attacker causes denial of service through memory corruption or gains limited code execution within Redis context.
If Mitigated
With proper network segmentation and authentication controls, impact is limited to Redis service disruption.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of Lua scripting in Redis. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.2.2
Vendor Advisory: https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp
Restart Required: Yes
Instructions:
1. Download Redis 8.2.2 or later from https://github.com/redis/redis/releases/tag/8.2.2
2. Stop Redis service
3. Install new version
4. Restart Redis service
5. Verify version with 'redis-server --version'
🔧 Temporary Workarounds
Disable Lua Scripting
Deny the scripting command category (EVAL, EVALSHA, SCRIPT, FCALL and the other function commands) to every user shown by ACL LIST; lua-time-limit only caps how long a script may run and does not stop scripts from being executed, so it is not a substitute. Persist the rule with ACL SAVE when an aclfile is configured, otherwise with CONFIG REWRITE.
redis-cli ACL SETUSER default ~* &* +@all -@scripting
Restrict Authentication
Require a strong password and remove the scripting commands from the default user's permissions, keeping the user enabled so that clients which authenticate with the requirepass value continue to work.
redis-cli CONFIG SET requirepass "strongpassword"
redis-cli ACL SETUSER default on ~* &* +@all -@scripting
🧯 If You Can't Patch
- Implement strict network access controls to limit Redis exposure to trusted networks only
- Disable Lua scripting entirely and use Redis commands that don't require Lua execution
🔍 How to Verify
Check if Vulnerable:
Check Redis version with 'redis-server --version' or 'redis-cli INFO server | grep redis_version'. If version is 8.2.1 or earlier, the system is vulnerable.
Check Version:
redis-server --version
Verify Fix Applied:
After patching, verify version is 8.2.2 or later using 'redis-server --version'. Test Lua script execution to ensure service is functional.
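The two checks above (version in the vulnerable range, scripting still reachable through ACLs) as an added POSIX shell example; this is not code from the advisory or from the Redis project. It applies the advisory's rule that any redis_version older than 8.2.2 is vulnerable to saved `INFO server` output, and walks a user's `ACL LIST` rules left to right to decide whether any Lua or function command is still permitted. The INFO and ACL LIST samples are constructed; `-@scripting` is a real Redis ACL category. Because it parses captured output it runs offline, and on a live host you pipe `redis-cli INFO server` and `redis-cli ACL LIST` into the same functions.

```shell
#!/bin/sh
# Added example for CVE-2025-46817 (not code from the advisory or from Redis).
# Rule taken from the advisory: redis_version older than 8.2.2 is vulnerable.
# The two samples below are constructed, not real captures.

SAMPLE_INFO='# Server
redis_version:8.2.1
redis_mode:standalone
os:Linux 6.1.0 x86_64'

SAMPLE_ACL='user default on #0123abcd ~* &* +@all -@scripting'

# Print the redis_version field from `INFO server` output read on stdin
# (redis-cli emits CRLF line endings, so strip the CR first).
info_version() {
  tr -d '\r' | sed -n 's/^redis_version:\(.*\)$/\1/p' | head -n 1
}

# Numeric component $2 (1=major, 2=minor, 3=patch) of version $1.
# A suffix such as "-rc1" is dropped and a missing component reads as 0.
vfield() {
  printf '%s\n' "$1" | sed 's/[^0-9.].*//' \
    | awk -F. -v i="$2" '{ v = $i; print (v == "" ? 0 : v) }'
}

# Succeed (exit 0) when version $1 is strictly older than version $2.
version_lt() {
  i=1
  while [ "$i" -le 3 ]; do
    a=$(vfield "$1" "$i"); b=$(vfield "$2" "$i")
    if [ "$a" -lt "$b" ]; then return 0; fi
    if [ "$a" -gt "$b" ]; then return 1; fi
    i=$((i + 1))
  done
  return 1   # equal versions are not "older"
}

# Succeed when redis_version $1 is in the range the advisory calls vulnerable.
is_vulnerable() {
  version_lt "$1" "8.2.2"
}

# Succeed when the ACL LIST line for user $1 (read on stdin) still lets that
# user run any Lua/function command. Rules apply left to right, so a later
# -@scripting undoes an earlier +@all, and "off" disables the user entirely.
# The body is a subshell so `set -f` (no globbing of ~* and &*) stays local.
scripting_allowed() (
  set -f
  line=$(grep "^user $1 " || true)
  [ -n "$line" ] || exit 1                # unknown user cannot run anything
  enabled=1; allowed=0
  for tok in $line; do
    case "$tok" in
      off) enabled=0 ;;
      on)  enabled=1 ;;
      +@all|allcommands|+@scripting|+eval|+evalsha|+eval_ro|+evalsha_ro|+fcall|+fcall_ro)
        allowed=1 ;;
      -@all|nocommands|-@scripting)
        allowed=0 ;;
    esac
  done
  [ "$enabled" -eq 1 ] && [ "$allowed" -eq 1 ]
)

# Demo against the constructed samples; on a live host pipe in
# `redis-cli INFO server` and `redis-cli ACL LIST` instead.
ver=$(printf '%s\n' "$SAMPLE_INFO" | info_version)
if is_vulnerable "$ver"; then
  echo "redis_version $ver: vulnerable (older than 8.2.2), patch to 8.2.2 or later"
else
  echo "redis_version $ver: not in the vulnerable range"
fi
if printf '%s\n' "$SAMPLE_ACL" | scripting_allowed default; then
  echo "user default: Lua scripting still permitted"
else
  echo "user default: Lua scripting denied by ACL"
fi
```

The ACL walk deliberately treats a bare `-eval` as insufficient: with `+@all` earlier in the rule, EVALSHA, FCALL and SCRIPT remain callable, which is why the workaround above denies the whole `@scripting` category.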
📡 Detection & Monitoring
Log Indicators:
- Unusual Lua script execution patterns
- Redis process crashes or abnormal termination
- Memory allocation errors in Redis logs
Network Indicators:
- Unusual Lua script commands sent to Redis port
- Multiple failed authentication attempts followed by Lua script execution
SIEM Query:
source="redis.log" AND ("EVAL" OR "SCRIPT") AND ("error" OR "crash" OR "overflow")
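The SIEM query above, run locally over Redis server log lines as an added shell example (not code from the advisory). It keeps only lines that satisfy both halves of the query, counts them so a threshold can be applied, and prints the log timestamp with the indicator that fired. The sample log lines are constructed; the `/var/log/redis/redis-server.log` path in the comment is a typical location, not one the advisory states. One caveat a practitioner should keep in mind: the Redis server log does not record ordinary client commands, so the EVAL/SCRIPT tokens will mostly surface in crash reports and stack traces rather than in routine log traffic.

```shell
#!/bin/sh
# Added example (not from the advisory): apply the advisory's SIEM query
#   ("EVAL" OR "SCRIPT") AND ("error" OR "crash" OR "overflow")
# to Redis server log lines read from stdin. Sample lines are constructed.

SAMPLE_LOG='1234:M 01 Oct 2025 12:00:01.000 * Ready to accept connections tcp
1234:M 01 Oct 2025 12:00:05.123 # Lua script error: integer overflow while running EVAL
1234:M 01 Oct 2025 12:00:06.456 # Redis 8.2.1 crashed by signal: 11 (last command: SCRIPT LOAD)
1234:M 01 Oct 2025 12:00:07.000 * DB saved on disk
1234:M 01 Oct 2025 12:00:08.000 # Error accepting a client connection: Connection reset by peer'

# Print only the lines that satisfy both halves of the query (case-insensitive).
script_incident_lines() {
  grep -i -E 'EVAL|SCRIPT' | grep -i -E 'error|crash|overflow'
}

# Number of matching lines, as a plain integer the caller can threshold on.
script_incident_count() {
  script_incident_lines | wc -l | tr -d ' '
}

# One line per hit: the log timestamp (fields 2-5 of the Redis log format)
# and which indicator fired, most specific first (overflow > crash > error).
script_incident_report() {
  script_incident_lines | awk '{
    ts = $2 " " $3 " " $4 " " $5
    l = tolower($0)
    why = (index(l, "overflow") ? "overflow" : (index(l, "crash") ? "crash" : "error"))
    print ts "\t" why
  }'
}

# Demo on the constructed sample; on a host run, for example,
#   tail -n 5000 /var/log/redis/redis-server.log | script_incident_report
printf '%s\n' "$SAMPLE_LOG" | script_incident_report
echo "hits: $(printf '%s\n' "$SAMPLE_LOG" | script_incident_count)"
```

The generic "Error accepting a client connection" line in the sample is dropped because it carries no scripting token, which is the point of requiring both halves of the query: noisy connection errors should not trip a scripting alert.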