{"id":"UBUNTU-CVE-2025-46818","details":"Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with LUA scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing LUA scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.","modified":"2026-05-20T16:23:31.864111603Z","published":"2025-10-03T19:15:00Z","related":["USN-7893-1"],"upstream":["CVE-2025-46818"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-46818"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2025-46818"},{"type":"REPORT","url":"https://github.com/redis/redis/security/advisories/GHSA-qrv7-wcrx-q5jp"},{"type":"REPORT","url":"https://github.com/redis/redis/commit/45eac0262028c771b6f5307372814b75f49f7a9e"},{"type":"REPORT","url":"https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e"},{"type":"REPORT","url":"https://github.com/redis/redis/commit/45eac0262028c771b6f5307372814b75f49f7a9e"},{"type":"REPORT","url":"https://github.com/redis/redis/releases/tag/8.2.2"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7893-1"}],"affected":[{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/redis?arch=source&distro=esm-infra-legacy%2Ftrusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:2.6.13-1","2:2.6.16-3","2:2.8.0-1","2:2.8.2-1","2:2.8.4-2","2:2.8.4-2ubuntu0.2","2:2.8.4-2ubuntu0.2+esm1","2:2.8.4-2ubuntu0.2+esm2","2:2.8.4-2ubuntu0.2+esm3","2:2.8.4-2ubuntu0.2+esm4","2:2.8.4-2ubuntu0.2+esm5"],"ecosystem_specific":{"binaries":[{"binary_name":"redis-server","binary_version":"2:2.8.4-2ubuntu0.2+esm5"},{"binary_name":"redis-tools","binary_version":"2:2.8.4-2ubuntu0.2+esm5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46818.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/redis?arch=source&distro=esm-apps%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:3.0.3-3","2:3.0.5-1","2:3.0.5-2","2:3.0.5-3","2:3.0.5-4","2:3.0.6-1","2:3.0.6-1ubuntu0.2","2:3.0.6-1ubuntu0.3","2:3.0.6-1ubuntu0.4","2:3.0.6-1ubuntu0.4+esm1","2:3.0.6-1ubuntu0.4+esm2","2:3.0.6-1ubuntu0.4+esm3","2:3.0.6-1ubuntu0.4+esm4","2:3.0.6-1ubuntu0.4+esm5"],"ecosystem_specific":{"binaries":[{"binary_name":"redis-sentinel","binary_version":"2:3.0.6-1ubuntu0.4+esm5"},{"binary_name":"redis-server","binary_version":"2:3.0.6-1ubuntu0.4+esm5"},{"binary_name":"redis-tools","binary_version":"2:3.0.6-1ubuntu0.4+esm5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46818.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/redis?arch=source&distro=esm-apps%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4:4.0.1-7","4:4.0.2-6","4:4.0.2-9","5:4.0.5-1","5:4.0.6-1","5:4.0.6-2","5:4.0.7-1","5:4.0.8-1","5:4.0.8-2","5:4.0.9-1","5:4.0.9-1ubuntu0.1","5:4.0.9-1ubuntu0.2","5:4.0.9-1ubuntu0.2+esm2","5:4.0.9-1ubuntu0.2+esm3","5:4.0.9-1ubuntu0.2+esm4","5:4.0.9-1ubuntu0.2+esm5","5:4.0.9-1ubuntu0.2+esm6","5:4.0.9-1ubuntu0.2+esm7"],"ecosystem_specific":{"binaries":[{"binary_name":"redis","binary_version":"5:4.0.9-1ubuntu0.2+esm7"},{"binary_name":"redis-sentinel","binary_version":"5:4.0.9-1ubuntu0.2+esm7"},{"binary_name":"redis-server","binary_version":"5:4.0.9-1ubuntu0.2+esm7"},{"binary_name":"redis-tools","binary_version":"5:4.0.9-1ubuntu0.2+esm7"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46818.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/redis?arch=source&distro=esm-apps%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5:5.0.5-2build1","5:5.0.6-1","5:5.0.7-1","5:5.0.7-2","5:5.0.7-2ubuntu0.1~esm1","5:5.0.7-2ubuntu0.1","5:5.0.7-2ubuntu0.1+esm1","5:5.0.7-2ubuntu0.1+esm2","5:5.0.7-2ubuntu0.1+esm3","5:5.0.7-2ubuntu0.1+esm4"],"ecosystem_specific":{"binaries":[{"binary_name":"redis","binary_version":"5:5.0.7-2ubuntu0.1+esm4"},{"binary_name":"redis-sentinel","binary_version":"5:5.0.7-2ubuntu0.1+esm4"},{"binary_name":"redis-server","binary_version":"5:5.0.7-2ubuntu0.1+esm4"},{"binary_name":"redis-tools","binary_version":"5:5.0.7-2ubuntu0.1+esm4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46818.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/redis?arch=source&distro=esm-apps%2Fjammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5:6.0.15-1","5:6.0.16-1","5:6.0.16-1build1","5:6.0.16-1ubuntu1","5:6.0.16-1ubuntu1+esm1","5:6.0.16-1ubuntu1+esm2","5:6.0.16-1ubuntu1.1","5:6.0.16-1ubuntu1.1+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"redis","binary_version":"5:6.0.16-1ubuntu1.1+esm1"},{"binary_name":"redis-sentinel","binary_version":"5:6.0.16-1ubuntu1.1+esm1"},{"binary_name":"redis-server","binary_version":"5:6.0.16-1ubuntu1.1+esm1"},{"binary_name":"redis-tools","binary_version":"5:6.0.16-1ubuntu1.1+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46818.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/redis?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5:7.0.12-1","5:7.0.14-1","5:7.0.14-2","5:7.0.15-1","5:7.0.15-1build1","5:7.0.15-1build2","5:7.0.15-1ubuntu0.24.04.1","5:7.0.15-1ubuntu0.24.04.2","5:7.0.15-1ubuntu0.24.04.3","5:7.0.15-1ubuntu0.24.04.4"],"ecosystem_specific":{"binaries":[{"binary_name":"redis","binary_version":"5:7.0.15-1ubuntu0.24.04.4"},{"binary_name":"redis-sentinel","binary_version":"5:7.0.15-1ubuntu0.24.04.4"},{"binary_name":"redis-server","binary_version":"5:7.0.15-1ubuntu0.24.04.4"},{"binary_name":"redis-tools","binary_version":"5:7.0.15-1ubuntu0.24.04.4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46818.json"}},{"package":{"name":"valkey","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/valkey?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.11+dfsg1-0ubuntu0.2"}]}],"versions":["7.2.5+dfsg1-2ubuntu4~24.04.1","7.2.7+dfsg1-0ubuntu0.24.04.1","7.2.8+dfsg1-0ubuntu0.24.04.1","7.2.8+dfsg1-0ubuntu0.24.04.2","7.2.8+dfsg1-0ubuntu0.24.04.3","7.2.10+dfsg1-0ubuntu0.1","7.2.11+dfsg1-0ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"valkey-redis-compat","binary_version":"7.2.11+dfsg1-0ubuntu0.2"},{"binary_name":"valkey-sentinel","binary_version":"7.2.11+dfsg1-0ubuntu0.2"},{"binary_name":"valkey-server","binary_version":"7.2.11+dfsg1-0ubuntu0.2"},{"binary_name":"valkey-tools","binary_version":"7.2.11+dfsg1-0ubuntu0.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46818.json"}},{"package":{"name":"redict","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/redict?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7.3.2+ds-1","7.3.5+ds-1","7.3.5+ds-1ubuntu0.1","7.3.5+ds-1ubuntu0.2"],"ecosystem_specific":{"binaries":[{"binary_name":"redict","binary_version":"7.3.5+ds-1ubuntu0.2"},{"binary_name":"redict-sentinel","binary_version":"7.3.5+ds-1ubuntu0.2"},{"binary_name":"redict-server","binary_version":"7.3.5+ds-1ubuntu0.2"},{"binary_name":"redict-tools","binary_version":"7.3.5+ds-1ubuntu0.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46818.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/redis?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5:7.0.15-3","5:7.0.15-3.1","5:8.0.2-3","5:8.0.2-3build1","5:8.0.2-3ubuntu0.25.10.1"],"ecosystem_specific":{"binaries":[{"binary_name":"redis","binary_version":"5:8.0.2-3ubuntu0.25.10.1"},{"binary_name":"redis-sentinel","binary_version":"5:8.0.2-3ubuntu0.25.10.1"},{"binary_name":"redis-server","binary_version":"5:8.0.2-3ubuntu0.25.10.1"},{"binary_name":"redis-tools","binary_version":"5:8.0.2-3ubuntu0.25.10.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46818.json"}},{"package":{"name":"valkey","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/valkey?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1.4+dfsg1-0ubuntu0.2"}]}],"versions":["8.0.2+dfsg1-1ubuntu1","8.1.1+dfsg1-2ubuntu1","8.1.3+dfsg1-0ubuntu1","8.1.3+dfsg1-0ubuntu2","8.1.4+dfsg1-0ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"valkey-sentinel","binary_version":"8.1.4+dfsg1-0ubuntu0.2"},{"binary_name":"valkey-server","binary_version":"8.1.4+dfsg1-0ubuntu0.2"},{"binary_name":"valkey-tools","binary_version":"8.1.4+dfsg1-0ubuntu0.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46818.json"}},{"package":{"name":"redict","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/redict?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7.3.5+ds-1","7.3.5+ds-1ubuntu0.1","7.3.6+ds-1"],"ecosystem_specific":{"binaries":[{"binary_name":"redict","binary_version":"7.3.6+ds-1"},{"binary_name":"redict-sentinel","binary_version":"7.3.6+ds-1"},{"binary_name":"redict-server","binary_version":"7.3.6+ds-1"},{"binary_name":"redict-tools","binary_version":"7.3.6+ds-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46818.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/redis?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5:8.0.2-3build1","5:8.0.2-3ubuntu0.25.10.1","5:8.0.5-1"],"ecosystem_specific":{"binaries":[{"binary_name":"redis","binary_version":"5:8.0.5-1"},{"binary_name":"redis-sentinel","binary_version":"5:8.0.5-1"},{"binary_name":"redis-server","binary_version":"5:8.0.5-1"},{"binary_name":"redis-tools","binary_version":"5:8.0.5-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46818.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}