What is CVE-2025-52935?

CVE-2025-52935 is a vulnerability in Dragonflydb Dragonfly, classified under Integer Overflow or Wraparound. Published 2025-06-23.

Is CVE-2025-52935 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Integer overflow in Dragonflydb Dragonfly

CVE-2025-52935

Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.

Vulnerability class: Integer Overflow

EPSS: 0.003 (53.4th percentile) — read the EPSS interpretation.

Affected products

Dragonflydb Dragonfly — versions 1.30.1, 1.30.0, 1.28.18

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

github.com/dragonflydb/dragonfly/pull/4996 (patch, third-party-advisory)
github.com/dragonflydb/dragonfly/commit/473e002c848eb312f23d84114eb4951a7c4af5a1 (patch)

Frequently asked questions

What is CVE-2025-52935?: CVE-2025-52935 is a vulnerability in Dragonflydb Dragonfly, classified under Integer Overflow or Wraparound. Published 2025-06-23.
Is CVE-2025-52935 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.