CVE DATABASE / CVE-2024-58136
CVE-2024-58136
Yiiframework Yii Improper Protection of Alternate Path Vulnerability
Confirmed exploited in the wild. Added 2025-05-02.
Federal remediation due 2025-05-23.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Summary
Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability could affect other products that implement Yii, including—but not limited to—Craft CMS, as represented by CVE-2025-32432.
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
Data: NIST NVD + CISA KEV. Always verify against the vendor advisory before acting.