Home > Vulnerability Database > CVE-2025-1979

Mend.io Vulnerability Database

CVE-2025-1979

Good to know:

Date: March 6, 2025

Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only exploitable if: 1) Logging is enabled; 2) Redis is using password authentication; 3) Those logs are accessible to an attacker, who can reach that redis instance. Note: It is recommended that anyone who is running in this configuration should update to the latest version of Ray, then rotate their redis password.

Severity Score

6.4

Related Resources (7)

Url: https://github.com/ray-project/ray

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-1979

Url: https://github.com/ray-project/ray/commit/64a2e4010522d60b90c389634f24df77b603d85d

Url: https://github.com/pypa/advisory-database/tree/main/vulns/ray/PYSEC-2025-23.yaml

Url: https://github.com/ray-project/ray/issues/50266

Url: https://github.com/ray-project/ray/pull/50409

Url: https://www.mend.io/vulnerability-database/CVE-2025-1979

Severity Score

6.4

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

Top Fix

Upgrade Version

Upgrade to version ray - 2.43.0

Learn More

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-1979

Good to know:

Date: March 6, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?