Unrated severityNVD Advisory· Published Jul 7, 2025· Updated Nov 3, 2025

CVE-2024-25177

Description

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).

Affected products

OpenRusty/luajit2description
LuaJIT/LuaJITllm-create
Range: <=2.1
OpenRusty/luajit2llm-create
Range: <v2.1-20240314

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/pwnhacker0x18/a73f560d79f2c3d4011d6c5a2676f04amitre
github.com/LuaJIT/LuaJIT/commit/85b4fed0b0353dd78c8c875c2f562d522a2b310fmitre
github.com/LuaJIT/LuaJIT/issues/1147mitre
github.com/openresty/luajit2/commit/85b4fed0b0353dd78c8c875c2f562d522a2b310fmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000