CVE-2025-46817
Published: 03 October 2025
Summary
CVE-2025-46817 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Redis. Its CVSS base score is 7.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks in the top 5.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI-generated]
- SI-2 (Flaw Remediation): directly mandates timely remediation of the integer overflow flaw in Redis Lua scripting by patching to version 8.2.2 or later.
- CM-7 (Least Functionality): restricts Redis to least functionality by prohibiting or disabling Lua scripting (e.g., the EVAL command) unless it is essential, removing the vector for crafted malicious scripts.
- Memory protection: provides safeguards such as stack canaries, ASLR, and non-executable memory regions that make remote code execution from an integer overflow in Lua script processing harder to achieve.
MITRE ATT&CK Enterprise Techniques [AI-generated]
Why these techniques?
The vulnerability in Redis Lua scripting lets an authenticated, low-privileged user trigger an integer overflow with a crafted Lua script and potentially achieve remote code execution, which maps directly to T1210 (Exploitation of Remote Services), T1059.011 (Lua), and T1068 (Exploitation for Privilege Escalation).
NVD Description
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
Deeper analysis [AI-generated]
CVE-2025-46817 is an integer overflow vulnerability (CWE-190) in the Lua scripting functionality of Redis, an open-source in-memory database that persists on disk. It affects all versions of Redis with Lua scripting support, specifically versions 8.2.1 and below. An authenticated user can submit a specially crafted Lua script that triggers the overflow, potentially leading to remote code execution. The vulnerability has a CVSS v3.1 base score of 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
The attack requires an authenticated user with low privileges (PR:L) and local access (AV:L) to the Redis instance, along with high attack complexity (AC:H). Exploitation involves executing a malicious Lua script on the server, which can result in high confidentiality, integrity, and availability impacts (C:H/I:H/A:H) through potential remote code execution.
Redis addresses this issue in version 8.2.2, as detailed in the official release notes, security advisory (GHSA-m8fj-85cg-7vhp), and the fixing commit (fc9abc775e308374f667fdf3e723ef4b7eb0e3ca). Security practitioners should upgrade to Redis 8.2.2 or later to mitigate the vulnerability.
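As an added check (not part of this advisory and not Redis project tooling), the POSIX shell script below parses the redis_version field from a constructed sample of `redis-cli INFO server` output, classifies it against the 8.2.2 fix, and prints the ACL command that removes the @scripting command category (EVAL, EVALSHA, SCRIPT and related commands) from a user, which is one way to apply the CM-7 restriction listed above while an upgrade is scheduled. The INFO sample and the user name "appuser" are assumptions.

```shell
#!/bin/sh
# Added example, not code from the advisory or from the Redis project.
# Classifies a Redis version against the CVE-2025-46817 fix (8.2.2) and
# emits the ACL mitigation that removes Lua scripting from a user.

# Constructed sample of `redis-cli INFO server` output (assumption: a
# standalone 8.2.1 instance; real output carries many more fields).
SAMPLE_INFO='# Server
redis_version:8.2.1
redis_mode:standalone
os:Linux 6.1.0 x86_64
'

# Print the redis_version value from INFO output read on stdin.
redis_version_from_info() {
  sed -n 's/^redis_version:\([^[:space:]]*\).*/\1/p'
}

# redis_version_affected VERSION
# Prints "affected" for versions below 8.2.2, otherwise "fixed".
# Return status: 0 = affected, 1 = fixed, so it can drive an if/else.
redis_version_affected() {
  v=${1%%-*}                 # drop pre-release suffixes such as "-rc1"
  IFS=. read -r major minor patch <<EOF
$v
EOF
  major=${major:-0}; minor=${minor:-0}; patch=${patch:-0}
  patch=${patch%%.*}         # tolerate a fourth component, e.g. 8.2.1.0
  if [ "$major" -lt 8 ] \
     || { [ "$major" -eq 8 ] && [ "$minor" -lt 2 ]; } \
     || { [ "$major" -eq 8 ] && [ "$minor" -eq 2 ] && [ "$patch" -lt 2 ]; }; then
    echo affected
    return 0
  fi
  echo fixed
  return 1
}

# acl_disable_scripting USER
# Print the ACL command that removes the @scripting category (EVAL, EVALSHA,
# SCRIPT, FUNCTION, ...) from USER; run the printed line through redis-cli.
acl_disable_scripting() {
  printf 'ACL SETUSER %s -@scripting\n' "$1"
}

# Stand-alone run: classify the constructed sample.
ver=$(printf '%s' "$SAMPLE_INFO" | redis_version_from_info)
printf 'redis_version=%s: ' "$ver"
if redis_version_affected "$ver"; then
  echo 'upgrade to 8.2.2 or later; interim ACL mitigation for user "appuser" (assumed name):'
  acl_disable_scripting appuser
fi
```

The ACL change must be applied to every user that does not genuinely need scripting, including the default user if applications connect with it; it reduces the attack surface but is not a substitute for the 8.2.2 upgrade, since the overflow is in the Lua engine itself.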
Details
- CWE(s)