
CVE-2024-58136

Severity: Critical
SVRS: 78/100
CVSSv3: 9.0/10
EPSS: 0.00071/1

CVE-2024-58136: Vulnerability in the Yii 2 framework leading to potential remote code execution. This critical flaw, a regression of CVE-2024-4990, involves the mishandling of behavior attachment defined by the '__class' array key. It was actively exploited in the wild between February and April 2025, so it presents a significant security risk. With a SOCRadar Vulnerability Risk Score (SVRS) of 78, immediate patching is strongly recommended to mitigate potential exploits. The vulnerability is classified as CWE-424 (Improper Protection of Alternate Path). This CVE poses a serious threat to applications using the affected versions of the Yii 2 framework, potentially allowing attackers to execute arbitrary code on vulnerable systems.

In The Wild
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
2025-04-10
2025-04-11

SOCRadar AI Insight

Description

CVE-2024-58136 describes a vulnerability in Yii 2, specifically in versions prior to 2.0.52. It involves the improper handling of behavior attachment defined by the '__class' array key, representing a regression of CVE-2024-4990. This vulnerability has been actively exploited by hackers in the wild between February and April 2025. While the CVSS score is 9, indicating high severity, the SOCRadar Vulnerability Risk Score (SVRS) is 78, placing it near the critical threshold, highlighting the urgency.

Key Insights

  • Active Exploitation: The CVE is actively exploited by hackers in the wild, signifying immediate risk to systems running vulnerable versions of Yii 2.
  • Regression Vulnerability: CVE-2024-58136 is a regression of CVE-2024-4990, indicating a reintroduction of a previously addressed vulnerability. This makes systems that previously patched CVE-2024-4990 vulnerable again.
  • Behavior Attachment Issue: The core issue lies in the mishandling of behavior attachments defined via the '__class' array key, which allows attackers to potentially inject malicious code through this flawed mechanism.

Mitigation Strategies

  1. Immediate Upgrade: Upgrade Yii 2 to version 2.0.52 or later. This version contains the fix that addresses the vulnerability, preventing further exploitation.
  2. Code Review: Conduct a thorough code review of all Yii 2 applications to identify and remove any instances of vulnerable '__class' behavior attachments.
  3. Web Application Firewall (WAF) Rules: Implement or update WAF rules to detect and block malicious requests targeting the vulnerable '__class' behavior attachment mechanism. This can provide an additional layer of protection while upgrading and patching efforts are underway.
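The first two mitigation steps above can be scripted. The following is an added example, not code from this page, from SOCRadar or from the Yii project: it reads a (constructed) composer.lock to flag a yiisoft/yii2 version below the fixed 2.0.52, and lists every '__class' key in a (constructed) PHP behaviors() configuration as a worklist for the code review. The function names yii2_vulnerable and find_class_key_usage are the example's own.

```python
"""Triage helpers for CVE-2024-58136 (Yii 2 before 2.0.52). Added example, not
page/SOCRadar/Yii code; the composer.lock and PHP samples are constructed."""
import json
import re

FIXED_VERSION = (2, 0, 52)  # first release carrying the fix, per the advisory


def parse_version(tag: str) -> tuple:
    """Turn a Composer tag such as 'v2.0.51' or '2.0.52' into a comparable tuple."""
    core = re.match(r"v?(\d+)\.(\d+)\.(\d+)", tag.strip())
    if not core:
        raise ValueError(f"unrecognised version tag: {tag!r}")
    return tuple(int(part) for part in core.groups())


def yii2_vulnerable(lock_text: str) -> tuple:
    """Return (installed_version, is_vulnerable) for yiisoft/yii2 in a
    composer.lock, or (None, False) when the package is not installed."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == "yiisoft/yii2":
            version = pkg["version"]
            return version, parse_version(version) < FIXED_VERSION
    return None, False


# A config array that names its class through the '__class' key (the
# mechanism named in the advisory); the plain 'class' key is not matched.
CLASS_KEY = re.compile(r"""['"]__class['"]\s*=>\s*([^,\]\s]+)""")


def find_class_key_usage(php_source: str) -> list:
    """List (line_number, class_expression) for every '__class' key, giving
    the code review in step 2 a worklist of definitions to inspect."""
    hits = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        for match in CLASS_KEY.finditer(line):
            hits.append((lineno, match.group(1)))
    return hits


SAMPLE_LOCK = json.dumps({"packages": [{"name": "yiisoft/yii2", "version": "2.0.51"}]})
SAMPLE_PHP = """public function behaviors() {
    return [
        'timestamp' => ['__class' => TimestampBehavior::class],
        'blame'     => ['class' => BlameableBehavior::class],
    ];
}"""

if __name__ == "__main__":
    print(yii2_vulnerable(SAMPLE_LOCK))      # ('2.0.51', True)
    print(find_class_key_usage(SAMPLE_PHP))  # [(3, 'TimestampBehavior::class')]
```

Run it against a real project by reading its composer.lock and its model/controller sources instead of the constructed samples; every hit from find_class_key_usage still needs a human decision, the scanner only locates the definitions.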

Additional Information

Given the active exploitation of this CVE in the wild, immediate action is critical to prevent potential security breaches. If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-58136 | Yii2 up to 2.0.51 __class improper protection of alternate path
vuldb.com, 2025-04-10
A vulnerability was found in Yii2 up to 2.0.51. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument __class leads to improper protection of alternate path. This vulnerability is handled as CVE-2024-58136. The attack may be launched remotely. Furthermore

Social Media

  • Warning: Critical regression vulnerability for #CVE-2024-58136 affects #Yii 2 PHP framework. CVSS: 9. This vulnerability has been actively exploited since at least February 2025. #Patch #Patch #Patch
  • @Dinosn 🚨 CVE-2024-58136: Yii 2 Vulnerability Alert! 🚨
  • Urgent: Yii 2 Vulnerability CVE-2024-58136 Under Active Exploit https://t.co/Qp59KoNbhH
  • CVE-2024-58136 Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February thr… https://t.co/QHqLpJqSS0

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://github.com/yiisoft/yii2/commit/40fe496eda529fd1d933b56a1022ec32d3cd0b12
[email protected] | https://github.com/yiisoft/yii2/compare/2.0.51...2.0.52
[email protected] | https://github.com/yiisoft/yii2/pull/20232
[email protected] | https://github.com/yiisoft/yii2/pull/20232#issuecomment-2252459709
[email protected] | https://www.yiiframework.com/news/709/please-upgrade-to-yii-2-0-52

CWE Details

CWE ID | CWE Name | Description
CWE-424 | Improper Protection of Alternate Path | The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
