icon

We found results for “

CVE-2025-48955

Good to know:

icon
icon

Date: June 2, 2025

Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes. Version 1.50.8 fixes the issue.

Severity Score

Severity Score

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

Top Fix

icon

Upgrade Version

Upgrade to version com.erudika:para-server:1.50.8

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us