CVE-2025-46817 · HIGH 8.8 · EPSS p88.5%

Description

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.75% probability of exploitation · percentile 88.5% · 2026-06-19T12:03:05Z
Published: 2025-10-03
Last modified: 2026-01-27

Underlying weaknesses · 1

CWE-190

References

  1. https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca
  2. https://github.com/redis/redis/releases/tag/8.2.2
  3. https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp

Type: Weakness · Target: Integer Overflow or Wraparound (cwe-190) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-49844
  2. CVE-2026-23631
  3. CVE-2025-62507
  4. CVE-2025-27151
  5. CVE-2026-25243
  6. CVE-2026-23479

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.