Critical Lua Vulnerability in Ubuntu 16.04 Allows Denial of Service and Code Execution
Severity: High (Score: 72.0)
Sources: Ubuntu, Linuxsecurity
Summary
A significant vulnerability (CVE-2025-49844) has been identified in the Lua parser used in Ubuntu 16.04. This flaw allows remote attackers to craft malicious Lua scripts that can crash the Lua interpreter or execute arbitrary code under the user's login. The vulnerability stems from improper handling of garbage collection in the Lua parser. Affected systems include Ubuntu 16.04 LTS with the lua5.1 and liblua5.1-0 packages. Users are advised to update their systems to the patched versions provided by Ubuntu Pro. The vulnerability was published on October 3, 2025, and has a known proof of concept dating back to April 13, 2019. Immediate action is recommended to mitigate potential risks.

Key Points:
- CVE-2025-49844 allows denial of service and arbitrary code execution in Lua.
- Affected systems include Ubuntu 16.04 LTS with the lua5.1 and liblua5.1-0 packages.
- Users should update to the latest package versions to mitigate the vulnerability.
Key Entities
- Denial of Service (attack_type)
- CVE-2025-49844 (cve)
- CWE-94 - Code Injection (cwe)
- Lua (mitre_attack)
- Lua 5.1 (platform)
- Ubuntu (company)