What is the CVSS score of CVE-2025-48493?

CVE-2025-48493 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of Redis are affected by CVE-2025-48493?

CVE-2025-48493 presents notable security risk, a log file exposure vulnerability rated CVSS 6.5. This could allow unauthorized file access.. A patch is available.

How to fix or mitigate CVE-2025-48493?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Review data exposure and access controls.

Redis CVE-2025-48493

EUVD-2025-17007 MEDIUM

Insertion of Sensitive Information into Log File (CWE-532)

2025-06-05 security-advisories@github.com

GHSA-g3p6-82vc-43jh

Information Disclosure Redis Yii2 Redis

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 17:53 euvd

EUVD-2025-17007

Analysis Generated

Mar 14, 2026 - 17:53 vuln.today

Patch released

Mar 14, 2026 - 17:53 nvd

Patch available

CVE Published

Jun 05, 2025 - 17:15 nvd

MEDIUM 6.5

DescriptionNVD

The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue.

Analysis

Technical ContextAI

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Insertion of Sensitive Information into Log File (CWE-532).

RemediationAI

A vendor patch is available — apply it immediately. Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

CVE-2025-48493 vulnerability details – vuln.today

Back

Redis CVE-2025-48493

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code