CVE-2025-46817

HIGH NUCLEI

Redis < 6.2.20 - Authenticated Remote Code Execution via Lua Script Integer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-46817. PoCs published by slayerkkkk. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional C exploit for CVE-2025-46817, targeting an integer overflow in Redis's Lua `unpack()` function. The exploit demonstrates a denial-of-service (crash) by triggering memory corruption via a crafted Lua script payload.

Description

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.

Exploits (1)

github WORKING POC 2 stars

by slayerkkkk · cpoc

https://github.com/slayerkkkk/CVE-2025-46817-PoC

View Code ZIP pw:eip

This repository contains a functional C exploit for CVE-2025-46817, targeting an integer overflow in Redis's Lua `unpack()` function. The exploit demonstrates a denial-of-service (crash) by triggering memory corruption via a crafted Lua script payload.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Redis <= 8.2.1, <= 8.0.3, <= 7.4.5, <= 7.2.10, <= 6.2.19

No auth needed

Prerequisites: Network access to Redis server · Redis server with Lua scripting enabled

MITRE ATT&CK

T1499.004 - Application or System Exploitation

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

Redis < 8.2.1 lua script - Integer Overflow

CRITICALVERIFIEDby pussycat0x

Shodan: product:"redis"

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp

Patch x_refsource_misc

https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca

View Patch ZIP pw:eip

Release Notes x_refsource_misc

https://github.com/redis/redis/releases/tag/8.2.2

Scores

CVSS v3 7.0

EPSS 0.1051

EPSS Percentile 93.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-190

Status published

Products (1)

redis/redis < 6.2.20

Published Oct 03, 2025

Tracked Since Feb 18, 2026