CVE-2025-49009

Good to know:


Date: June 5, 2025

Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in "FacebookAuthFilter.java" results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access token in plain text. Since WARN-level logs are often retained in production and accessible to operators or log aggregation systems, this poses a risk of token exposure. Version 1.50.8 fixes the issue.
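The logging pattern described above, next to a hardened form that strips the token before the message is written. This is an added example, not code from Para or its 1.50.8 fix; the class and method names, the use of `java.util.logging`, and the sample URL and token are assumptions constructed for illustration.

```java
import java.util.logging.Logger;
import java.util.regex.Pattern;

public class TokenSafeLogging {
    private static final Logger LOG = Logger.getLogger(TokenSafeLogging.class.getName());

    // Matches access_token=<value> in a query string (case-insensitive).
    // The value ends at '&', '#' or whitespace.
    private static final Pattern TOKEN_PARAM =
            Pattern.compile("(?i)([?&]access_token=)[^&#\\s]*");

    /** Returns the URL with any access_token value replaced by a fixed marker. */
    static String redact(String url) {
        return url == null ? null : TOKEN_PARAM.matcher(url).replaceAll("$1[REDACTED]");
    }

    // Weak pattern (hypothetical): the full request URL, token included,
    // is written to the WARN log when the profile request fails.
    static void logFailureUnsafe(String url, int status) {
        LOG.warning("Facebook profile request failed: " + url + " (HTTP " + status + ")");
    }

    // Hardened pattern (hypothetical): only the redacted URL is logged.
    static void logFailureSafe(String url, int status) {
        LOG.warning("Facebook profile request failed: " + redact(url) + " (HTTP " + status + ")");
    }

    public static void main(String[] args) {
        // Constructed sample URL and token, not taken from Para's code.
        String url = "https://graph.example.test/me?fields=name,email"
                + "&access_token=EAAB-constructed-token";
        logFailureSafe(url, 400);
        String out = redact(url);
        if (out.contains("EAAB-constructed-token")) {
            throw new AssertionError("token survived redaction");
        }
        System.out.println(out);
    }
}
```

Redaction at the call site only protects future log lines; tokens already written to retained WARN logs remain exposed until those logs are purged and the tokens are revoked.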

Severity Score

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

Top Fix

Upgrade Version

Upgrade to version com.erudika:para-server:1.50.8

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE
