Ubuntu: USN-7893-1 (CVE-2025-46818): Valkey vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:H/Au:S/C:C/I:C/A:N) | Oct 3, 2025 | Nov 27, 2025 | Nov 28, 2025 |
Description
Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Valkey incorrectly
handled memory when running Lua scripts. An authenticated attacker could
use this vulnerability to trigger a use-after-free condition, and
potentially achieve remote code execution on the Valkey server.
(CVE-2025-49844)
It was discovered that Valkey incorrectly handled memory when running Lua
scripts. An authenticated attacker could use this vulnerability to trigger
an integer overflow condition, and potentially achieve remote code execution
on the Valkey server. (CVE-2025-46817)
It was discovered that Valkey incorrectly handled Lua objects. An
authenticated attacker could possibly use this issue to escalate their
privileges. (CVE-2025-46818)
It was discovered that Valkey incorrectly handled memory when running Lua
scripts. An authenticated attacker could use this vulnerability to read
out-of-bounds memory, causing a denial of service or possibly obtaining
sensitive information. (CVE-2025-46819)
It was discovered that Valkey incorrectly handled memory in some
calculations. An attacker could possibly use this issue to cause a denial
of service. (CVE-2025-49112)
Solution
References
- CVE-2025-46818
- https://attackerkb.com/topics/CVE-2025-46818
- CWE-94
- UBUNTU-USN-7893-1
- https://github.com/redis/redis/commit/45eac0262028c771b6f5307372814b75f49f7a9e
- https://github.com/redis/redis/releases/tag/8.2.2
- https://github.com/redis/redis/security/advisories/GHSA-qrv7-wcrx-q5jp
- https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e
- https://ubuntu.com/security/notices/USN-7893-1
- https://www.cve.org/CVERecord?id=CVE-2025-46818