ByteOS Network

CVE Vulnerability Details :

CVE-2025-67733

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-23 Feb, 2026 | 19:39

Updated At-23 Feb, 2026 | 19:39

▼CVE Numbering Authority (CNA)

Valkey Affected by RESP Protocol Injection via Lua error_reply

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same connection. The error handling code for lua scripts does not properly handle null characters. Versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12 fix the issue.

Affected Products

Vendor

valkey-io

Product

valkey

Versions

Affected

< 7.2.12
>= 8.0.0, < 8.0.7
>= 8.1.0, < 8.1.6
>= 9.0.0, < 9.0.2

Problem Types

Type	CWE ID	Description
CWE	CWE-74	CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Type: CWE

CWE ID: CWE-74

Description: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Metrics

Version	Base score	Base severity	Vector
3.1	8.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

Version: 3.1

Base score: 8.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

References

Hyperlink	Resource
https://github.com/valkey-io/valkey/security/advisories/GHSA-p876-p7q5-hv2m	x_refsource_CONFIRM

Hyperlink: https://github.com/valkey-io/valkey/security/advisories/GHSA-p876-p7q5-hv2m

Resource:

x_refsource_CONFIRM

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References