Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Amazon Linux 2 : redis, --advisory ALAS2REDIS6-2025-015 (ALASREDIS6-2025-015)

🗓️ 15 Oct 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 7 Views

Redis on Amazon Linux 2 is vulnerable to Lua scripting flaws prior to 6.2.20-2; fix in 8.2.2; ACL can mitigate.

Related
Refs
Code
ReporterTitlePublishedViews
Family
FreeBSD		redis,valkey -- Running Lua function as a different user
3 Oct 202500:00
freebsd
FreeBSD		redis,valkey -- Out of bound read due to a bug in LUA
3 Oct 202500:00
freebsd
FreeBSD		redis,valkey -- Lua Use-After-Free may lead to remote code execution
3 Oct 202500:00
freebsd
FreeBSD		redis,valkey -- Lua library commands may lead to integer overflow and potential RCE
3 Oct 202500:00
freebsd
GithubExploit		Exploit for Use After Free in Redis
7 Oct 202506:18
githubexploit
GithubExploit		Exploit for Use After Free in Redis
14 Oct 202504:20
githubexploit
GithubExploit		Exploit for Use After Free in Redis
9 Mar 202622:43
githubexploit
GithubExploit		Exploit for Use After Free in Redis
6 Apr 202608:03
githubexploit
GithubExploit		Exploit for Use After Free in Redis
31 Oct 202505:59
githubexploit
GithubExploit		Exploit for Use After Free in Redis
7 Oct 202510:12
githubexploit
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALASREDIS6-2025-015.
##

include('compat.inc');

if (description)
{
  script_id(270551);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/18");

  script_cve_id(
    "CVE-2025-46817",
    "CVE-2025-46818",
    "CVE-2025-46819",
    "CVE-2025-49844"
  );
  script_xref(name:"IAVA", value:"2025-A-0731-S");

  script_name(english:"Amazon Linux 2 : redis, --advisory ALAS2REDIS6-2025-015 (ALASREDIS6-2025-015)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of redis installed on the remote host is prior to 6.2.20-2. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2REDIS6-2025-015 advisory.

    Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an
    authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead
    to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is
    fixed in version 8.2.2. (CVE-2025-46817)

    Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an
    authenticated user to use a specially crafted Lua script to manipulate different LUA objects and
    potentially run their own code in the context of another user. The problem exists in all versions of Redis
    with LUA scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without
    patching the redis-server executable is to prevent users from executing LUA scripts. This can be done
    using ACL to block a script by restricting both the EVAL and FUNCTION command families. (CVE-2025-46818)

    Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an
    authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and
    subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue
    is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to
    prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both
    the EVAL and FUNCTION command families. (CVE-2025-46819)

    Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an
    authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a
    use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis
    with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the
    redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to
    restrict EVAL and EVALSHA commands. (CVE-2025-49844)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com//AL2/ALAS2REDIS6-2025-015.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2025-46817.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2025-46818.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2025-46819.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2025-49844.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update redis' or
  or 'yum update --advisory ALAS2REDIS6-2025-015' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-46817");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2025-49844");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/10/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/10/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:redis");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:redis-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:redis-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:redis-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var REPOS_FOUND = TRUE;
var extras_list = get_kb_item("Host/AmazonLinux/extras_label_list");
if (isnull(extras_list)) REPOS_FOUND = FALSE;
var repository = '"amzn2extra-redis6"';
if (REPOS_FOUND && (repository >!< extras_list)) exit(0, AFFECTED_REPO_NOT_ENABLED);

var pkgs = [
    {'reference':'redis-6.2.20-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'redis6'},
    {'reference':'redis-6.2.20-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'redis6'},
    {'reference':'redis-debuginfo-6.2.20-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'redis6'},
    {'reference':'redis-debuginfo-6.2.20-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'redis6'},
    {'reference':'redis-devel-6.2.20-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'redis6'},
    {'reference':'redis-devel-6.2.20-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'redis6'},
    {'reference':'redis-doc-6.2.20-2.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'redis6'}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = rpm_report_get();
  if (!REPOS_FOUND) extra = rpm_report_get() + report_repo_caveat();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "redis / redis-debuginfo / redis-devel / etc");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Nov 2025 00:00Current
8.7High risk
Vulners AI Score8.7
CVSS 3.19.9
EPSS0.11111
SSVC
redislua scriptingamazon linux two
7