csaf_microsoft - msrc_cve-2025-46818

msrc_cve-2025-46818

Vulnerability from csaf_microsoft

Published

2025-10-02 00:00

Modified

2025-10-10 01:37

Summary

Redis: Authenticated users can execute LUA scripts as a different user

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-46818.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Redis: Authenticated users can execute LUA scripts as a different user",
    "tracking": {
      "current_release_date": "2025-10-10T01:37:03.000Z",
      "generator": {
        "date": "2025-10-22T22:49:11.234Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-46818",
      "initial_release_date": "2025-10-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-10-10T01:37:03.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 valkey 8.0.4-1",
                "product": {
                  "name": "\u003cazl3 valkey 8.0.4-1",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 valkey 8.0.4-1",
                "product": {
                  "name": "azl3 valkey 8.0.4-1",
                  "product_id": "19593"
                }
              }
            ],
            "category": "product_name",
            "name": "valkey"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "cbl2 redis 6.2.20-1",
                "product": {
                  "name": "cbl2 redis 6.2.20-1",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "redis"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 valkey 8.0.4-1 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 valkey 8.0.4-1 as a component of Azure Linux 3.0",
          "product_id": "19593-17084"
        },
        "product_reference": "19593",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 redis 6.2.20-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-46818",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0026#39;Code Injection\u0026#39;)"
      },
      "notes": [
        {
          "category": "general",
          "text": "GitHub_M",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "19593-17084"
        ],
        "known_affected": [
          "17084-2",
          "17086-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-46818.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-10T01:37:03.000Z",
          "details": "8.0.6-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 6.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "17084-2",
            "17086-1"
          ]
        }
      ],
      "title": "Redis: Authenticated users can execute LUA scripts as a different user"
    }
  ]
}

CVE-2025-46818 (GCVE-0-2025-46818)

Vulnerability from cvelistv5

Published

2025-10-03 18:38

Modified

2025-10-03 19:14

Severity ?

6.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Summary

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with LUA scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing LUA scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.

References

URL

Tags

	https://github.com/redis/redis/security/advisories/GHSA-qrv7-wcrx-q5jp	x_refsource_CONFIRM
	https://github.com/redis/redis/commit/45eac0262028c771b6f5307372814b75f49f7a9e	x_refsource_MISC
	https://github.com/redis/redis/releases/tag/8.2.2	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	redis	redis	Version: < 8.2.2

Show details on NVD website