PT-2025-23940 · Para · Para

Albogdano · published

Published: 2025-06-05 · Updated: 2025-06-06 · CVE-2025-49009

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Para versions prior to 1.50.8

Description

A vulnerability exists in the FacebookAuthFilter.java file, resulting in the full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access token in plain text, posing a risk of token exposure since WARN-level logs are often retained in production and accessible to operators or log aggregation systems.

Recommendations

For versions prior to 1.50.8, update to version 1.50.8 to fix the issue. As a temporary workaround, consider restricting access to the logs to minimize the risk of token exposure.
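For logs already written by an affected version, the following added example (not code from Para or from this advisory) masks token-bearing query parameters in retained log lines and reports which lines exposed a token, so the affected tokens can be revoked. The parameter names, the log line format and the sample token are assumptions made for illustration.

```python
import hashlib
import re

# Assumption: the token is carried in a query parameter with one of these names
# (Facebook's Graph API uses "access_token"); extend the tuple for other providers.
PARAMS = ("access_token", "client_secret")
TOKEN_RE = re.compile(
    r"(?i)(?P<prefix>[?&](?:%s)=)(?P<value>[^&#\s\"'<>]+)" % "|".join(PARAMS)
)

def fingerprint(token: str) -> str:
    """Short SHA-256 prefix: lets operators match a leaked token without storing it."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]

def scrub(lines):
    """Return (scrubbed_lines, findings); findings are (line_no, param, fingerprint)."""
    scrubbed, findings = [], []
    for n, line in enumerate(lines, 1):
        def mask(m, n=n):
            # Record which parameter leaked on which line, then mask its value.
            param = m.group("prefix")[1:-1].lower()
            findings.append((n, param, fingerprint(m.group("value"))))
            return m.group("prefix") + "REDACTED"
        scrubbed.append(TOKEN_RE.sub(mask, line))
    return scrubbed, findings

# Constructed sample lines; the log format, message text and token value are made up.
SAMPLE = [
    "2025-06-05 10:00:01 INFO  Server started",
    "2025-06-05 10:02:17 WARN  Facebook auth request failed: "
    "https://graph.facebook.com/me?fields=id,name&access_token=EAAB-constructed-123",
    "2025-06-05 10:03:40 WARN  Rate limit reached for app:demo",
]

if __name__ == "__main__":
    clean, found = scrub(SAMPLE)
    print("\n".join(clean))
    for line_no, param, fp in found:
        print(f"line {line_no}: {param} exposed, sha256 prefix {fp}")
```

Masking retained logs does not invalidate a token that was already readable; tokens reported in the findings should be treated as exposed.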

Exploit

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2025-49009
GHSA-QX7G-FX8Q-545G

Affected Products

Para