Known exploited
Yiiframework
CVE published 2025-05-02
CVE-2024-58136
CVE-2024-58136 is a Yii framework issue described as improper protection of an alternate path. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-05-02, so defenders should treat it as an actively exploited risk. The vendor-linked guidance points to upgrading to Yii 2.0.52, and CISA directs organizations to apply mitigations per the vendor, follow applicable BOD 22-01 guidance for cloud [truncated]