Main
Vulnerability Database
Exploits
ID:12017 - Exploit for Improper authentication in Redis - CVE-2025-46818
ID:12017 - Exploit for Improper authentication in Redis - CVE-2025-46818
Published: October 8, 2025
Vulnerability identifier: #VU116641
Vulnerability risk: Medium
CVE-ID: CVE-2025-46818
CWE-ID: CWE-287
Exploitation vector: Remote access
Vulnerable software:
Redis
Redis
Link to public exploit:
Vulnerability description
The vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists due to an error when handling Lua scripts. A remote user can manipulate different LUA objects and potentially run their own code in the context of another user.
Remediation
Install updates from vendor's website.