Is CVE-2025-67733 actively exploited?

CVE-2025-67733 has no public evidence of in-the-wild exploitation as of 2026-02-25.

What is the CVSS score for CVE-2025-67733?

CVE-2025-67733 has a CVSS score of 8.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H.

How do I patch CVE-2025-67733?

Patch guidance is available from lfprojects security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2025-67733.

Fix CVE-2025-67733 - HIGH lfprojects valkey

Q: Which products are affected by CVE-2025-67733?

4 products: lfprojects valkey, lfprojects valkey, lfprojects valkey, lfprojects valkey.

Description

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same connection. The error handling code for lua scripts does not properly handle null characters. Versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12 fix the issue.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: changed
Confidentiality: none
Integrity: low
Availability: high
Weaknesses: CWE-74

Metadata

Primary Vendor: LFPROJECTS
Published: 2/23/2026
Last Modified: 2/25/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

lfprojects : valkeylfprojects : valkeylfprojects : valkeylfprojects : valkey

Remediation Guidance

Executive Summary

Cite this page

CVE-2025-67733. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2025-67733

View on NIST NVD

CVE-2025-67733 vulnerability