PT-2025-23939 · Yii · Yii 2 Redis Extension

Samdark · Published 2025-06-05 · Updated 2025-06-05 · CVE-2025-48493

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Yii 2 Redis extension versions prior to 2.0.20

Description: The issue concerns how the Yii 2 Redis extension logs commands when a connection fails. Prior to version 2.0.20, the parameters of the AUTH command are written to the log in plain text, exposing the username and password. An attacker who gains access to the logs can read these credentials.

Recommendations: For versions prior to 2.0.20, update to version 2.0.20 to resolve the issue. As a temporary workaround, consider restricting access to the logs to minimize the risk of exploitation.
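
To check whether existing logs already contain AUTH parameters, the following added example (not code from the Yii project or from this advisory) scans log entries and masks the arguments of any logged AUTH command. The log wording, the "command was:" marker and the sample entries are constructed assumptions; the failed command is assumed to appear either inline or in Redis wire (RESP) form, with CR/LF raw or escaped.

```python
import re

CRLF = r'(?:\r\n|\\r\\n)'            # raw CR/LF, or escaped by the log writer
BULK = r'\$\d+' + CRLF + r'.*?' + CRLF  # one RESP bulk string (assumes no CR/LF inside)
# RESP array of 2 or 3 elements whose first element is AUTH:
# "AUTH <password>" or "AUTH <username> <password>".
RESP_AUTH = re.compile(
    r'(\*[23]' + CRLF + r'\$4' + CRLF + r'AUTH' + CRLF + r')((?:' + BULK + r'){1,2})',
    re.IGNORECASE | re.DOTALL)
# Inline form, matched only right after a "command was:" marker (assumed wording).
INLINE_AUTH = re.compile(r'(command(?: was)?:\s*AUTH)((?:[ \t]+\S+){1,2})',
                         re.IGNORECASE)
MASK = '[REDACTED]'

def redact(text):
    """Return (text with AUTH arguments masked, number of AUTH commands found)."""
    text, n_resp = RESP_AUTH.subn(lambda m: m.group(1) + MASK, text)
    text, n_inline = INLINE_AUTH.subn(lambda m: m.group(1) + ' ' + MASK, text)
    return text, n_resp + n_inline

def scan(entries):
    """Return [(index, masked_entry)] for every entry that exposed AUTH arguments."""
    hits = []
    for i, entry in enumerate(entries):
        masked, found = redact(entry)
        if found:
            hits.append((i, masked))
    return hits

# Constructed sample entries, not real log output.
SAMPLE = [
    r'[error] Failed to write to socket. Redis command was: *2\r\n$4\r\nAUTH\r\n$6\r\ns3cr3t\r\n',
    '[error] Redis command was: *3\r\n$4\r\nAUTH\r\n$3\r\napp\r\n$6\r\ns3cr3t\r\n',
    r'[error] Redis command was: *2\r\n$3\r\nGET\r\n$3\r\nfoo\r\n',
    '[error] Redis command was: AUTH app s3cr3t',
]

if __name__ == '__main__':
    for index, masked in scan(SAMPLE):
        print(index, repr(masked))
```
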

Exploit

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

BDU:2025-09066
CVE-2025-48493
GHSA-G3P6-82VC-43JH

Affected Products

Yii 2 Redis Extension