CVE-2025-48493: CWE-532: Insertion of Sensitive Information into Log File in yiisoft yii2-redis
The Yii 2 Redis extension provides Redis key-value store support for the Yii framework 2.0. On a failing connection, the extension writes the command sequence to its logs. Prior to version 2.0.20, the AUTH parameters are written in plain text, exposing the username and password. That is a problem whenever an attacker has access to the logs. Version 2.0.20 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-48493 is a medium-severity vulnerability affecting versions of the yii2-redis extension for the Yii framework prior to 2.0.20. This extension provides Redis key-value store support for Yii framework 2.0 applications. The vulnerability arises from the way the extension handles failed Redis connection attempts: it logs the sequence of commands it issued, including the AUTH parameters, in plaintext. Specifically, when a connection fails, the username and password used for authentication are recorded in the log files without any masking or encryption. This exposes the credentials to anyone with access to those logs, whether internal users or attackers who have gained partial access to the system. The vulnerability is classified under CWE-532, which concerns the insertion of sensitive information into log files.
The CVSS 4.0 base score is 5.1, a medium severity level. The vector indicates a network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), and low impact on the confidentiality, integrity, and availability of the vulnerable system (VC:L, VI:L, VA:L); the impact on the confidentiality of subsequent systems is also rated low (SC:L). The issue was fixed in version 2.0.20 of yii2-redis, which no longer logs the AUTH credentials. No known exploits are currently reported in the wild. The vulnerability primarily poses a risk when attackers or unauthorized users can read the log files, for example through lateral movement, insider threats, or misconfigured log access controls. The concrete risk is that the exposed credentials are used to gain unauthorized access to the Redis instance, potentially leading to data exposure or manipulation.
Potential Impact
For European organizations using the Yii framework with the yii2-redis extension versions prior to 2.0.20, this vulnerability could lead to credential leakage if logs are accessible to unauthorized parties. Redis is often used as a caching layer or session store, and unauthorized access could allow attackers to manipulate cached data, session information, or application state, potentially leading to data integrity issues or privilege escalation. The exposure of authentication credentials in logs increases the risk of lateral movement within networks if attackers compromise a less privileged system and access logs. This risk is heightened in environments where log files are stored on shared or poorly secured storage or where log retention policies are lax. Given the medium severity and the requirement for some level of privilege to exploit (access to logs), the impact is moderate but could escalate if combined with other vulnerabilities or misconfigurations. European organizations with compliance requirements around data protection (e.g., GDPR) must consider the risk of sensitive credential exposure and potential data breaches resulting from unauthorized Redis access. The vulnerability does not directly lead to remote code execution or denial of service but can be a stepping stone for further attacks.
Mitigation Recommendations
1. Upgrade yii2-redis to version 2.0.20 or later, where the vulnerability is fixed and AUTH parameters are no longer logged in plaintext.
2. Restrict access to log files strictly using file system permissions and access control lists so that only authorized personnel and processes can read logs.
3. Implement centralized logging solutions with encryption and access controls to prevent unauthorized log access.
4. Regularly audit logs and access permissions to detect any unauthorized access attempts.
5. Rotate Redis authentication credentials regularly and immediately after any suspected exposure.
6. Monitor Redis server access logs and application logs for unusual authentication failures or access patterns.
7. Consider using environment variables or secure vault solutions to manage Redis credentials, minimizing their exposure in application configurations and logs.
8. Educate developers and system administrators about the risks of logging sensitive information and enforce secure logging practices across the organization.
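As an added illustration (not yii2-redis's own code), the following Python shows the two sides of the issue described above: masking AUTH arguments in a command sequence before it reaches a connection-failure log, which is the kind of change the 2.0.20 fix amounts to, and an audit helper (mitigation 4) that flags lines in logs written by an unpatched deployment that still carry AUTH credentials. The log message format and the sample log lines are constructed assumptions.

```python
from __future__ import annotations

import re
from typing import Iterable

# Redis AUTH takes either <password> or, with ACLs, <username> <password>.
AUTH_CMD = "AUTH"


def redact_command_sequence(commands: Iterable[list[str]]) -> list[list[str]]:
    """Mask the arguments of every AUTH command before the sequence is logged."""
    redacted = []
    for cmd in commands:
        if cmd and cmd[0].upper() == AUTH_CMD:
            redacted.append([cmd[0]] + ["***"] * (len(cmd) - 1))
        else:
            redacted.append(list(cmd))
    return redacted


def format_for_log(commands: Iterable[list[str]]) -> str:
    """Render a command sequence for a failure message (assumed format) without credentials."""
    rendered = ", ".join(" ".join(c) for c in redact_command_sequence(commands))
    return "Failed to connect to redis. Commands: " + rendered


# Audit helper for logs produced by an unpatched version: matches AUTH followed by
# one or two arguments (case-insensitive, like Redis itself). Arguments are assumed
# to be free of whitespace and commas, which is the assumed log format here.
AUTH_IN_LOG = re.compile(r"\bAUTH\b((?:[ \t]+[^\s,]+){1,2})", re.IGNORECASE)


def find_leaked_auth(log_text: str) -> list[tuple[int, str]]:
    """Return (line number, line with credentials masked) for each line leaking AUTH arguments."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if AUTH_IN_LOG.search(line):
            masked = AUTH_IN_LOG.sub(lambda m: "AUTH" + " ***" * len(m.group(1).split()), line)
            hits.append((n, masked))
    return hits


# Constructed sample log lines; the message layout is an assumption, not yii2-redis's.
SAMPLE_LOG = """\
2025-06-01 10:00:01 [error] Failed to connect to redis. Commands: SELECT 0, AUTH app_user s3cr3t-p4ss, GET session:abc
2025-06-01 10:00:02 [info] request handled in 12ms
2025-06-01 10:00:03 [error] Failed to connect to redis. Commands: AUTH legacy-only-password, PING
"""

if __name__ == "__main__":
    print(format_for_log([["AUTH", "app_user", "s3cr3t-p4ss"], ["GET", "session:abc"]]))
    for n, line in find_leaked_auth(SAMPLE_LOG):
        print(f"line {n}: {line}")
```

Lines the audit helper reports should be purged and the credentials they carried rotated (mitigation 5).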
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-05-22T12:11:39.121Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6841c953182aa0cae2e70b16
Added to database: 6/5/2025, 4:44:03 PM
Last enriched: 7/7/2025, 3:57:46 PM
Last updated: 8/15/2025, 11:42:28 AM