Medium severity6.2OSV Advisory· Published Jun 2, 2025· Updated Apr 15, 2026
CVE-2025-48955
CVE-2025-48955
Description
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes. Version 1.50.8 fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.erudika:para-serverMaven | < 1.50.8 | 1.50.8 |
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.