Medium severity6.5NVD Advisory· Published Jun 5, 2025· Updated Jun 17, 2026
CVE-2025-48493
CVE-2025-48493
Description
The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
yiisoft/yii2-redisPackagist | < 2.0.20 | 2.0.20 |
Affected products
2- yiisoft/yii2-redisv5Range: < 2.0.20
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.