Explore top 10 tips to secure your open-source projects now. Read More
×
## This update for valkey fixes the following issues: Update to 8.0.6: * Security fixes: * CVE-2025-49844: Fixed that a Lua script may lead to remote code execution (bsc#1250995) * CVE-2025-46817: Fixed that a Lua script may lead to integer overflow and potential RCE (bsc#1250995) * CVE-2025-46818: Fixed that a Lua script can be executed in the context of another user (bsc#1250995) * CVE-2025-46819: Fixed LUA out-of-bound read (bsc#1250995) * Bug fixes: * Fix accounting for dual channel RDB bytes in replication stats (#2614) * Fix EVAL to report unknown error when empty error table is provided (#2229) * Fix use-after-free when active expiration triggers hashtable to shrink (#2257) * Fix MEMORY USAGE to account for embedded keys (#2290) * Fix memory leak when shrinking a hashtable without entries (#2288)
* bsc#1250995
Cross-
* CVE-2025-46817
* CVE-2025-46818
* CVE-2025-46819
* CVE-2025-49844
CVSS scores:
* CVE-2025-46817 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46817 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-46817 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-46817 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-46818 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46818 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-46818 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-46818 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-46819 ( SUSE ): 7.2
Get the latest Linux and open source security news straight to your inbox.