CVE-2025-67733 Valkey — Exploit & Vulnerability Details HIGH

CVE-2025-67733

HIGH CVSS 3.1: 8.5 EPSS 0.02%

Parameter	Value
CVSS	8.5 (HIGH)
Type	CWE-74 (Injection)
Vendor	Valkey
Public PoC	No

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same connection. The error handling code for lua scripts does not properly handle null characters.

Versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12 fix the issue.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

Low

Partial data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-74 Injection

References 1

https://github.com/valkey-io/valkey/security/advisories/GHSA-p876-p7q5-hv2m

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-27623

Valkey

7.5

CVE-2026-21863

Valkey

7.5

Menu

CVE-2025-67733

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-27623

CVE-2026-21863

CVE Details

Editor's Choice

Menu

CVE-2025-67733

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-27623

CVE-2026-21863

CVE Details

Editor's Choice

Stay informed on cybersecurity