CVE-2024-58136CISA KEV: Actively Exploited

Yiiframework Yii Improper Protection of Alternate Path Vulnerability

Published May 2, 2025·Updated May 2, 2025

Description

Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability could affect other products that implement Yii, including—but not limited to—Craft CMS, as represented by CVE-2025-32432.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free