CVE-2025-67733 - Vulnerability Analysis
HighCVSS: 8.5Last Updated: February 24, 2026
Valkey - Stored XSS
Overview
Valkey < 9.0.2, 8.1.6, 8.0.7, and 7.2.12 contains a stored XSS caused by improper handling of null characters in Lua script error handling, letting malicious users inject arbitrary information into response streams, exploit requires scripting command access.
Severity & Score
Impact
Malicious users can inject arbitrary data into response streams, potentially corrupting or tampering data for other users on the same connection.
Mitigation
Upgrade to versions 9.0.2, 8.1.6, 8.0.7, or 7.2.12 or later.
Social Media Activity(2 posts)
š CVE-2025-67733 - High (8.5) Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or ret... š https://www.thehackerwire.com/vulnerability/CVE-2025-67733/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postš CVE-2025-67733 - High (8.5) Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or ret... š https://www.thehackerwire.com/vulnerability/CVE-2025-67733/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postGitHub Repositories(1 repo)
Related Resources
Details
- CVE ID
- CVE-2025-67733
- Severity
- High
- CVSS Score
- 8.5
- Type
- stored_xss
- Status
- unconfirmed
- EPSS
- 2.0%
- Social Posts
- 2
CWE
- CWE-74
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H