Medium severity6.2NVD Advisory· Published Jun 2, 2025· Updated Apr 15, 2026

CVE-2025-48955

Description

Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes. Version 1.50.8 fixes the issue.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
com.erudika:para-serverMaven	< 1.50.8	1.50.8

Patches

9e782bef879a

https://github.com/erudika/paravia osv

1e8a89558542

https://github.com/erudika/paravia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-v75g-77vf-6jjqghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-48955ghsaADVISORY
github.com/Erudika/para/commit/1e8a89558542854bb0683ab234c4429ad93b0835nvdWEB
github.com/Erudika/para/security/advisories/GHSA-v75g-77vf-6jjqnvdWEB

News mentions

No linked articles in our index yet.

cvss	0.403
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000