CVE-2025-46818 Overview
CVE-2025-46818 is a code injection vulnerability [CWE-94] affecting Redis, the open source in-memory database. Versions 8.2.1 and below allow an authenticated user to craft a malicious Lua script that manipulates Lua objects and executes code in the context of another Redis user. The flaw exists in all Redis versions that support Lua scripting and stems from insufficient protection of Lua metatables for basic types. Redis 8.2.2 contains the fix. The issue is tracked under GitHub Security Advisory GHSA-qrv7-wcrx-q5jp.
Critical Impact
An authenticated Redis user can execute Lua code in the context of another user, breaking the ACL isolation model and enabling privilege escalation across tenants sharing the same Redis instance.
Affected Products
- Redis versions 8.2.1 and below with Lua scripting enabled
- Redis deployments that use the EVAL or FUNCTION command families
- Multi-tenant Redis instances relying on ACLs for user separation
Discovery Timeline
- 2025-10-03 - CVE-2025-46818 published to the National Vulnerability Database
- 2025-10-03 - Redis 8.2.2 released with the patch
- 2026-01-27 - Last updated in the NVD
Technical Details for CVE-2025-46818
Vulnerability Analysis
Redis embeds a Lua interpreter to execute server-side scripts submitted through EVAL, EVALSHA, and FUNCTION commands. Each script runs under the calling user's ACL context. The vulnerability allows an authenticated attacker to manipulate shared Lua objects so that subsequent script execution by another user runs attacker-controlled code under that user's identity.
Because Lua scripts share interpreter state across invocations, modifications to global Lua structures persist between script runs. The classification as CWE-94 (Improper Control of Generation of Code) reflects that the attacker injects Lua code that later executes in a different security context.
Root Cause
The root cause is missing read-only protection on metatables of Lua basic types such as string, number, and nil. Redis recursively locked tables reachable from the global table but did not seal metatables of primitive types. An attacker can mutate these metatables to inject methods invoked when another user later operates on values of those types.
Attack Vector
Exploitation requires authenticated, local access to the Redis instance and that the attacker possesses permission to execute Lua scripts. The attacker submits a crafted EVAL payload that rewrites a metatable on a basic type. When a different authenticated user later runs any script that touches a value of that type, the injected hook executes with the victim's ACL privileges.
// Patch in src/eval.c (CVE-2025-46818)
/* Recursively lock all tables that can be reached from the global table */
luaSetTableProtectionRecursively(lua);
lua_pop(lua, 1);
+ /* Set metatables of basic types (string, number, nil etc.) readonly. */
+ luaSetTableProtectionForBasicTypes(lua);
lctx.lua = lua;
}
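Review bot: the excerpt shows only the call site in the interpreter setup; the definition of luaSetTableProtectionForBasicTypes, and therefore which basic types it actually seals beyond the "string, number, nil etc." of the comment, is not visible here, so the hunk should be read together with that function or the comment should enumerate the covered types. It is also worth confirming that placing the new call after lua_pop(lua, 1) is intentional, i.e. that the function does not expect the global table to still be on the stack the way luaSetTableProtectionRecursively does.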
Source: Redis commit 45eac02
Detection Methods for CVE-2025-46818
Indicators of Compromise
- Unexpected EVAL, EVALSHA, or FCALL commands issued by user accounts that do not normally run scripts
- Lua scripts that assign to string, number, or nil metatables, or invoke setmetatable against basic types
- Redis ACL events showing commands executing with elevated permissions relative to the calling user
- Redis server versions reporting 8.2.1 or earlier in INFO server output
Detection Strategies
- Enable Redis ACL logging and review ACL LOG for entries showing unexpected command access by scripting users
- Capture and inspect Lua script contents through MONITOR or slow log analysis for metatable manipulation patterns
- Inventory Redis deployments and flag any instance running a version below 8.2.2
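As an added illustration of the second detection strategy above (example code written for this page, not from Redis or the page's author), the Python below parses MONITOR output and flags EVAL, EVAL_RO and FUNCTION LOAD arguments whose Lua source calls setmetatable or getmetatable on a string, number or nil value; the sample MONITOR lines and the regular-expression heuristic are constructed here and are assumptions, not signatures taken from the advisory.

```python
import re
import shlex
# Shape of a MONITOR line: <timestamp> [<db> <client-addr>] "ARG" "ARG" ...
MONITOR_LINE = re.compile(r"^(\d+\.\d+) \[(\d+) ([^\]]+)\] (.*)$")
# Heuristic (constructed for this example, not an official signature): a
# set/getmetatable call whose first argument is a string literal, a number
# literal or nil, i.e. the metatable of a basic type rather than of a table.
BASIC_TYPE_META = re.compile(
    r"""(?:set|get)metatable\s*\(\s*(?:"[^"]*"|'[^']*'|\d+(?:\.\d+)?|nil)\s*[,)]"""
)
# Constructed sample MONITOR output: two benign commands, two scripts that
# touch basic-type metatables, and one script that only uses a table metatable.
SAMPLE_MONITOR = r'''
1727950000.100000 [0 10.0.0.5:52001] "SET" "app:counter" "1"
1727950000.200000 [0 10.0.0.5:52002] "EVAL" "return redis.call('GET', KEYS[1])" "1" "app:counter"
1727950000.300000 [0 10.0.0.9:41000] "EVAL" "local mt = getmetatable(\"\"); mt.__index = function() return 1 end" "0"
1727950000.400000 [0 10.0.0.9:41001] "EVAL" "setmetatable(nil, {})" "0"
1727950000.500000 [0 10.0.0.5:52003] "EVAL" "local t = setmetatable({}, {__index = function() end}); return 0" "0"
'''

def parse_monitor_line(line):
    """Split one MONITOR line into timestamp, db, client address and argv."""
    m = MONITOR_LINE.match(line.strip())
    if not m:
        return None
    ts, db, client, argv_text = m.groups()
    # MONITOR double-quotes every argument and escapes inner quotes as \", which shlex undoes
    return {"ts": float(ts), "db": int(db), "client": client, "argv": shlex.split(argv_text)}

def script_from_argv(argv):
    """Return the Lua source carried by a script command, or None for other commands."""
    cmd = argv[0].upper() if argv else ""
    if cmd in ("EVAL", "EVAL_RO") and len(argv) > 1:
        return argv[1]
    if cmd == "FUNCTION" and len(argv) > 2 and argv[1].upper() == "LOAD":
        return argv[-1]  # FUNCTION LOAD [REPLACE] <library-code>
    return None

def find_metatable_tampering(monitor_text):
    """Return (client, command, matched fragment) for each script touching a basic-type metatable."""
    hits = []
    for line in monitor_text.splitlines():
        rec = parse_monitor_line(line)
        script = script_from_argv(rec["argv"]) if rec else None
        match = BASIC_TYPE_META.search(script) if script else None
        if match:
            hits.append((rec["client"], rec["argv"][0].upper(), match.group(0)))
    return hits
```

Running find_metatable_tampering(SAMPLE_MONITOR) reports only the two scripts from 10.0.0.9; the table-metatable script from 10.0.0.5 is left alone, which is the distinction the root cause section draws.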
Monitoring Recommendations
- Forward Redis logs, slow log, and ACL log entries to a centralized SIEM for correlation
- Alert on first-time use of EVAL or FUNCTION LOAD by accounts that have not previously run scripts
- Track Redis version data from configuration management and trigger alerts when vulnerable versions appear
How to Mitigate CVE-2025-46818
Immediate Actions Required
- Upgrade Redis to version 8.2.2 or later on all instances that permit Lua scripting
- Audit ACL definitions and remove EVAL, EVALSHA, FCALL, and FUNCTION permissions from users that do not require them
- Rotate credentials for any Redis user that may have been impersonated through script-context execution
Patch Information
The fix landed in Redis release 8.2.2. The patch in commit 45eac02 introduces luaSetTableProtectionForBasicTypes to mark metatables of basic Lua types read-only and adds the lua-enable-deprecated-api configuration toggle. Full advisory details are in GHSA-qrv7-wcrx-q5jp.
Workarounds
- Block Lua scripting for all users by restricting the EVAL and FUNCTION command families through Redis ACLs
- Restrict network access to Redis to trusted operators only, since exploitation requires authenticated access
- Avoid sharing a single Redis instance across mutually distrustful tenants until patching is complete
# Restrict Lua scripting via Redis ACL until patching is possible
# Drop the whole scripting category from the default user
ACL SETUSER default -@scripting
# Application user: read/write on its own key prefix, every script command explicitly denied
ACL SETUSER appuser on >StrongPassword ~app:* +@read +@write -eval -evalsha -eval_ro -evalsha_ro -function -fcall -fcall_ro
# ACL SAVE writes to the configured aclfile; if users are defined in redis.conf instead, use CONFIG REWRITE
ACL SAVE