PT-2025-23499 · Para · Para

Albogdano · Published 2025-05-30 · Updated 2025-06-02 · CVE-2025-48955

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Para versions prior to 1.50.8

Description

A vulnerability exists in Para, a multitenant backend server/framework for object persistence and retrieval: both access and secret keys are written to logs without redaction. These credentials are later assigned to variables for persistence, and logging them is not required for debugging or system health purposes.

Recommendations

If you run a version prior to 1.50.8, update to version 1.50.8 to fix the issue. As a temporary workaround, consider restricting log access to minimize the risk of credential exposure. Avoid logging access and secret keys for debugging or system health purposes until the issue is resolved.

Exploit

Fix

Weakness Enumeration

Insertion into Log File

Related Identifiers

CVE-2025-48955
GHSA-V75G-77VF-6JJQ

Affected Products

Para