- Description
- The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 5.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-532
- Hype score
- Not currently trending
CVE-2025-48493 Plaintext Password Exposure in Yii 2 Redis Extension Before 2.0.20 https://t.co/TX1GlXCnBX Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
5 Jun 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48493 The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs.… https://t.co/m9oKQ49qsI
@CVEnew
5 Jun 2025
276 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes