CVE-2025-46817
CVE Details
Visit the official vulnerability details page for CVE-2025-46817 to learn more.
Initial Publication
11/14/2025
Last Update
01/05/2026
Third Party Dependency
redis
NIST CVE Summary
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
CVE Severity
Our Official Summary
CVE-2025-46817 is a high-severity integer overflow vulnerability in Redis, an open-source, in-memory database commonly used for caching and fast data access. The flaw is in Redis's Lua scripting environment: an authenticated user who submits a specially crafted Lua script can trigger an integer overflow inside the Lua execution engine.
The issue is reported on the Harbor registry pack when it is used within the Kubernetes cluster. Exploiting it would require access to the container and the ability to execute code on the container. The container has safeguards in place to prevent code execution.
There is no upstream fix available for this vulnerability. Once one is available, it will be adopted.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.8.13 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.7.29 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
| Date | Revision |
|---|---|
| 01/05/2026 | Status changed from Open to Ongoing |
| 01/05/2026 | Official summary added |