CVE-2025-46817

HIGH NUCLEI

Redis <8.2.2 - RCE

Title source: llm

Description

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.

Exploits (1)

github WORKING POC 2 stars

by slayerkkkk · cpoc

https://github.com/slayerkkkk/CVE-2025-46817-PoC

View Code ZIP pw:eip

Nuclei Templates (1)

Redis < 8.2.1 lua script - Integer Overflow

CRITICALVERIFIEDby pussycat0x

Shodan: product:"redis"

References (3)

[Patch] https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca

View Patch ZIP pw:eip

[Release Notes] https://github.com/redis/redis/releases/tag/8.2.2

[Vendor Advisory] https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp

Scores

CVSS v3 7.0

EPSS 0.1585

EPSS Percentile 94.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-190

Status published

Affected Products (1)

redis/redis < 6.2.20

Timeline

Published Oct 03, 2025

Tracked Since Feb 18, 2026