CVE-2025-48493 – “Redis AUTH Credentials Exposed in Yii Logs”

June 5, 2025

CVE ID : CVE-2025-48493

Published : June 5, 2025, 5:15 p.m. | 1 hour, 13 minutes ago

Description : The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5670 – PHPGurukul Medical Card Generation System SQL Injection

Next Article CVE-2025-49009 – Facebook Para Facebook Auth Token Information Disclosure

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

ChatGPT now has an agent mode

Scrum Alliance and Kanban University partner to offer new course that teaches both methodologies

Is ChatGPT down? You’re not alone. Here’s what OpenAI is saying

I found a tablet that could replace my iPad and Kindle – and it’s worth every penny

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

Execute Ping Commands and Get Back Structured Data in PHP

Execute Ping Commands and Get Back Structured Data in PHP

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

I Made Kitty Terminal Even More Awesome by Using These 15 Customization Tips and Tweaks

I Made Kitty Terminal Even More Awesome by Using These 15 Customization Tips and Tweaks

Microsoft confirms active cyberattacks on SharePoint servers

How to Manually Check & Install Windows 11 Updates (Best Guide)

CVE-2025-48493 – “Redis AUTH Credentials Exposed in Yii Logs”

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

Debian e l’Intelligenza Artificiale: Nuove Discussioni sulla Conformità ai Principi del Software Libero

CVE-2025-5750 – WOLFBOX Level 2 EV Charger TuyaSvcDevosActivateResultParse Heap Buffer Overflow Remote Code Execution Vulnerability

CVE-2025-23122 – Node.js ReadFileUtf8 Memory Leak Denial of Service

Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers

Why Synology’s new NAS drive support policy isn’t as bad as I first thought

CVE-2025-5224 – Campcodes Online Hospital Management System SQL Injection Vulnerability

CVE-2025-46333 – Z2D Stride Compositor Out-of-Bounds Write

Unlocking Business Value with Custom AI Agent Development🤖

CVE-2025-48493 – “Redis AUTH Credentials Exposed in Yii Logs”

Related Posts