{"id":"CVE-2025-46818","summary":"Redis: Authenticated users can execute LUA scripts as a different user","details":"Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with LUA scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing LUA scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.","aliases":["BIT-keydb-2025-46818","BIT-redis-2025-46818","BIT-valkey-2025-46818","GHSA-qrv7-wcrx-q5jp"],"modified":"2026-03-23T21:29:11.131969Z","published":"2025-10-03T18:38:57.170Z","related":["ALSA-2025:19237","ALSA-2025:19238","ALSA-2025:19345","ALSA-2025:19675","ALSA-2025:20926","ALSA-2025:20955","ALSA-2025:21916","ALSA-2025:21936","CGA-4c3m-8fx5-qrp2","MGASA-2025-0307","SUSE-SU-2025:03499-1","SUSE-SU-2025:03500-1","SUSE-SU-2025:03501-1","SUSE-SU-2025:03502-1","SUSE-SU-2025:03505-1","SUSE-SU-2025:03506-1","SUSE-SU-2025:03507-1","SUSE-SU-2026:20022-1","openSUSE-SU-2025:15600-1","openSUSE-SU-2025:15604-1","openSUSE-SU-2025:20121-1","openSUSE-SU-2026:20003-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/46xxx/CVE-2025-46818.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-94"]},"references":[{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/8.2.2"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/46xxx/CVE-2025-46818.json"},{"type":"ADVISORY","url":"https://github.com/redis/redis/security/advisories/GHSA-qrv7-wcrx-q5jp"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46818"},{"type":"FIX","url":"https://github.com/redis/redis/commit/45eac0262028c771b6f5307372814b75f49f7a9e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"4fa8bf356b4bf0f1ce345286a4f02d022a4badcb"},{"fixed":"9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1"}]}],"versions":["8.2.0","8.2.1","8.2.1-int"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-46818.json","vanir_signatures":[{"source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","digest":{"function_hash":"231823367469822555940742382288933873230","length":564},"target":{"function":"defragStream","file":"src/defrag.c"},"signature_type":"Function","signature_version":"v1","id":"CVE-2025-46818-1bff8e25","deprecated":false},{"source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","digest":{"function_hash":"288446850232562980440863683026214219231","length":274},"target":{"function":"defragStreamConsumerGroup","file":"src/defrag.c"},"signature_type":"Function","signature_version":"v1","id":"CVE-2025-46818-2f43472c","deprecated":false},{"source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","digest":{"function_hash":"269273620982420028349368441170132491277","length":316},"target":{"function":"defragStreamConsumerPendingEntry","file":"src/defrag.c"},"signature_type":"Function","signature_version":"v1","id":"CVE-2025-46818-77eb7a7a","deprecated":false},{"source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","digest":{"function_hash":"278644848284550820802314798222846137842","length":1028},"target":{"function":"ebDefragRaxBucket","file":"src/ebuckets.c"},"signature_type":"Function","signature_version":"v1","id":"CVE-2025-46818-90636aee","deprecated":false},{"source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","digest":{"line_hashes":["138051693839747285096021458702403893111","217792725282971082265874066493719589089","314104092114484613540366304337620153799","289838893004834880788220210160086127357","261640981466269970594854736063516974006","310366546339259136490471016273997718966","32133616761046458240624936400794999717","99379125398230922191097416962833631765","141940563608976522218604452044168104567","11220539234012554404348468137403013259","232481408480410736814504528475544114533","51866787026042368566811775065054533143","63433160957720909299274972010261027892","294256383012553041837446580576855146212","89382824653771948252974872163098475979","125843216691037721002607267089725657746","134688872856233222990888740724026394481","48326925826003410695033980425698456909","67996540693667022215470987524713099413","136018837045987266595679134463638862968","333375019022085398980596780008619891568","29915176327139359699601310212482016515","78998988978891701179665002117073134153","17549832641806627852119609812055732197","42446296350911664275182979645220907226","138975645959192329129097852787418759626","149158348708285902087935202222825724476","142605691491218526884160292427755441470","11688604414306184430853572012154672997","148558868641076683043063174755617384651","21028590655927164121484625827791262156","46089719024847428095945812658394875858","132152125759967892984304802846013499407","252710555466710673955941017321669831749","239262572873833474405578058531672783359","66720547795711375935066349761282397334","228824034014002333793286778567671435553","140423370034328928159919286536412352374","34259259009794645587500028432093165186","32714089352387174407290605263289841726","142160850842147572350805881228483295868","232067484793209163755223773554912439711","294077731618297973044671231562754097105","216744741664175839129273154417262477100","995446791351321522154638928135859875","191256389506455193250670539930255527581","302732920957766076804960979292947649450","26025635131505467470119512320366390742"],"threshold":0.9},"target":{"file":"src/defrag.c"},"signature_type":"Line","signature_version":"v1","id":"CVE-2025-46818-9771037c","deprecated":false},{"source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","digest":{"line_hashes":["244502848865928883332908724730119052311","141797934241402737746765354854429761657","121189225860232617002299124820059699861","325221416935840389820722274695630580016","303490719280172131208887830823944185073","43864785869962988976065089075595503762","53490938445701540411614375924248395921","23408075982072842741195268914820996812","320872889493649556307334100222506094780","244730142365431892013328866901959544225","170283847187515741955371454705299138105","235864933409515329941478345542925607458"],"threshold":0.9},"target":{"file":"src/ebuckets.c"},"signature_type":"Line","signature_version":"v1","id":"CVE-2025-46818-b3bba80f","deprecated":false},{"source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","digest":{"function_hash":"43521981978878587750908260601344872279","length":307},"target":{"function":"activeDefragAlloc","file":"src/defrag.c"},"signature_type":"Function","signature_version":"v1","id":"CVE-2025-46818-c715e681","deprecated":false},{"source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","digest":{"function_hash":"307600606145985118090248030247413925373","length":654},"target":{"function":"activeDefragHExpiresOB","file":"src/defrag.c"},"signature_type":"Function","signature_version":"v1","id":"CVE-2025-46818-f6afd884","deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"}]}