CVE-2025-48493 – “Redis AUTH Credentials Exposed in Yii Logs”

June 5, 2025

CVE ID : CVE-2025-48493

Published : June 5, 2025, 5:15 p.m. | 1 hour, 13 minutes ago

Description : The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5670 – PHPGurukul Medical Card Generation System SQL Injection

Next Article CVE-2025-49009 – Facebook Para Facebook Auth Token Information Disclosure

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Top 10 Use Cases of Vibe Coding in Large-Scale Node.js Applications

Building smarter interactions with MCP elicitation: From clunky tool calls to seamless user experiences

From Zero to MCP: Simplifying AI Integrations with xmcp

Distribution Release: Linux Mint 22.2

Coded Smorgasbord: Basically, a Smorgasbord

Drupal 11’s AI Features: What They Actually Mean for Your Team

Drupal 11’s AI Features: What They Actually Mean for Your Team

Why Data Governance Matters More Than Ever in 2025?

Perficient Included in the IDC Market Glance for Digital Business Professional Services, 3Q25

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

CVE-2025-48493 – “Redis AUTH Credentials Exposed in Yii Logs”

Critical Linux UDisks Daemon Vulnerability (CVE-2025-8067) Exposes Privileged Data to Local Attackers

Google Slapped with $381 Million Fine in France Over Gmail Ads, Cookie Consent Missteps

Stanford Researchers Propose FramePack: A Compression-based AI Framework to Tackle Drifting and Forgetting in Long-Sequence Video Generation Using Efficient Context Management and Sampling

CVE-2025-48915 – Drupal COOKiES Consent Management Cross-Site Scripting (XSS)

Genie 2: A large-scale foundation world model

CVE-2025-47885 – CloudBees Jenkins Health Advisor XSS

Exposure Protocol: Information Disclosure in the Wild [Part 1]

CVE-2025-36117 – IBM Db2 Mirror for i Session ID Impersonation Vulnerability

Lead With Quality or Fall Behind: Why Mid-Market GCCs Need AI-Driven QA Now

CVE-2025-45029 – Winstar WN572HP3 Heap Overflow

CVE-2025-48493 – “Redis AUTH Credentials Exposed in Yii Logs”

Related Posts