CVE-2025-67733 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-67733 Interim 1 1 2026-03-05T00:26:05Z current 2026-03-05T00:26:05Z 2026-03-05T00:26:05Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-67733 Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same connection. The error handling code for lua scripts does not properly handle null characters. Versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12 fix the issue. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2026-February/024491.html E-Mail link for SUSE-SU-2026:0685-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Server 15 SP6-LTSS SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Server for SAP applications 16.0 openSUSE Leap 15.6 openSUSE Tumbleweed valkey valkey-8.0.7-150600.13.20.1 valkey-8.0.7-150700.3.14.1 valkey-9.0.3-1.1 valkey-compat-redis valkey-compat-redis-8.0.7-150600.13.20.1 valkey-compat-redis-8.0.7-150700.3.14.1 valkey-compat-redis-9.0.3-1.1 valkey-devel valkey-devel-8.0.7-150600.13.20.1 valkey-devel-8.0.7-150700.3.14.1 valkey-devel-9.0.3-1.1 valkey-8.0.7-150600.13.20.1 as a component of openSUSE Leap 15.6 valkey-compat-redis-8.0.7-150600.13.20.1 as a component of openSUSE Leap 15.6 valkey-devel-8.0.7-150600.13.20.1 as a component of openSUSE Leap 15.6 valkey-9.0.3-1.1 as a component of openSUSE Tumbleweed valkey-compat-redis-9.0.3-1.1 as a component of openSUSE Tumbleweed valkey-devel-9.0.3-1.1 as a component of openSUSE Tumbleweed valkey-8.0.7-150700.3.14.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 valkey-compat-redis-8.0.7-150700.3.14.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 valkey-devel-8.0.7-150700.3.14.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 valkey as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 valkey-compat-redis as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 valkey-devel as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 valkey as a component of SUSE Linux Enterprise Server 15 SP6-LTSS valkey-compat-redis as a component of SUSE Linux Enterprise Server 15 SP6-LTSS valkey-devel as a component of SUSE Linux Enterprise Server 15 SP6-LTSS valkey as a component of SUSE Linux Enterprise Server 16.0 valkey-compat-redis as a component of SUSE Linux Enterprise Server 16.0 valkey-devel as a component of SUSE Linux Enterprise Server 16.0 valkey as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 valkey-compat-redis as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 valkey-devel as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 valkey as a component of SUSE Linux Enterprise Server for SAP applications 16.0 valkey-compat-redis as a component of SUSE Linux Enterprise Server for SAP applications 16.0 valkey-devel as a component of SUSE Linux Enterprise Server for SAP applications 16.0 Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same connection. The error handling code for lua scripts does not properly handle null characters. Versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12 fix the issue. CVE-2025-67733 openSUSE Leap 15.6:valkey-8.0.7-150600.13.20.1 openSUSE Leap 15.6:valkey-compat-redis-8.0.7-150600.13.20.1 openSUSE Leap 15.6:valkey-devel-8.0.7-150600.13.20.1 openSUSE Tumbleweed:valkey-9.0.3-1.1 openSUSE Tumbleweed:valkey-compat-redis-9.0.3-1.1 openSUSE Tumbleweed:valkey-devel-9.0.3-1.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:valkey-8.0.7-150700.3.14.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:valkey-compat-redis-8.0.7-150700.3.14.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:valkey-devel-8.0.7-150700.3.14.1 moderate 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H