CVE-2025-48493 – “Redis AUTH Credentials Exposed in Yii Logs”

CVE ID : CVE-2025-48493

Published : June 5, 2025, 5:15 p.m. | 1 hour, 25 minutes ago

Description : The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…