Critical Vulnerability Information Vulnerability Overview CWE ID: CWE-532 (Insertion of Sensitive Information into Log File) CVSS Score: 6.2 (Medium) CVE ID: CVE-2025-49009 Affected Scope Affected Package: (Maven) Affected Versions: <1.50.8 Fixed Version: 1.50.8 Description Affected Component: Facebook Authentication Logging Version: Para v1.50.6 File Path: Vulnerable Line: Line 184 ( with raw access token) Technical Details The vulnerability resides in the file. When a request to the Facebook user profile endpoint fails, the following log statement is triggered: is a constant: This results in the full request URL being logged, including the user's access token in plaintext. Since warning-level logs are typically retained in production environments and may be accessible to operators or log aggregation systems, this poses a risk of token exposure. CVSS v3 Base Metrics Attack Vector: Local Attack Complexity: Low Required Privileges: None User Interaction: None Scope: Unchanged Confidentiality Impact: High Integrity Impact: None Availability Impact: None