CVE-2025-1979 in rayinformación

Resumen

por MITRE • 2025-03-06

Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password.

This is only exploitable if:

1) Logging is enabled;

2) Redis is using password authentication;

3) Those logs are accessible to an attacker, who can reach that redis instance.

**Note:**

It is recommended that anyone who is running in this configuration should update to the latest version of Ray, then rotate their redis password.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Snyk

Reservar

2025-03-05

Divulgación

2025-03-06

Moderación

aceptado

Artículo

VDB-298739

CPE

listo

CWE

CWE-532 (confirmado)

CVSS

6.4 (CNA)

EPSS

0.00060

KEV

Actividades

muy bajo

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-1979
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-1979
CVE Details	https://www.cvedetails.com/cve/CVE-2025-1979/

◂ Anterior Visión De Conjunto Próximo ▸

Interested in the pricing of exploits?

See the underground prices here!