CVE-2024-58136CISA KEVEPSS p99.7%

CVE-2024-58136Yiiframework Yii Improper Protection of Alternate Path Vulnerability

Yiiframework / Yii

Description

Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability could affect other products that implement Yii, including—but not limited to—Craft CMS, as represented by CVE-2025-32432.

Scoring

EPSS87.71% probability of exploitation · percentile 99.7% · 2026-06-17T12:03:21Z

CISA KEV entry

Added to KEV: 2025-05-02

(incoming)1

TypeTargetConfidenceTier
KEVEntryYiiframework Yii Improper Protection of Alternate Path Vulnerabilitykev-cve-2024-581360%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Craft CMS Code Injection Vulnerability
CVE
Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability
CVE
CVE-2025-6384
CVE
CVE-2025-2689
CVE
CVE-2025-25784
CVE
CVE-2025-39491
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.