🔴 CVE-2024-58136

Critical vulnerability in the Yii 2 framework: the behavior attachment mechanism is improperly protected. It is a regression of CVE-2024-4990, allows remote code execution, and has been actively exploited in the wild according to its CISA KEV listing.

Risk Level: HIGH_RISK
CVSS Score: 9.0
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 — Exploit Public-Facing Application
Deployment Risk: VERY_HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-04-10

Added to CISA KEV: 2025-05-02 (22 days between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-58136 is a critical remote code execution (RCE) vulnerability affecting the Yii 2 PHP framework [1] [3]. It is a regression of a previously patched vulnerability, CVE-2024-4990, involving the mishandling of behavior attachments defined by an `__class` array key [2] [4].

Key Details
Vulnerability Type: Remote Code Execution (RCE) [1]
CVSS Score: 9.8 (Critical) [1]
Affected Versions: Yii 2 before 2.0.52 [2]
Exploitation Status: Confirmed active exploitation in the wild (Feb–Apr 2025) [2]
Mitigation: Upgrade to Yii 2 version 2.0.52 or later [1]
Analysis and Impact
  • Active Exploitation: The vulnerability was actively exploited in the wild between February and April 2025 [2].
  • Attack Method: The flaw exists because the framework improperly handles behavior attachments when defined via an `__class` array key, allowing attackers to bypass previous security controls and achieve code execution [4] [5].
  • Access/Impact: Successful exploitation grants an attacker the ability to execute arbitrary code on the underlying server, typically leading to a full system compromise [1].
  • Exploit Availability: Technical analyses, including deep dives into the exploit mechanism and mitigation strategies, have been published by security researchers and platforms like AttackerKB, making the nature of the exploit well-documented for the security community [3] [6].
  • Targeted Attacks/Ransomware: While the vulnerability was exploited in the wild, specific attribution to ransomware campaigns or targeted advanced persistent threat (APT) groups is not explicitly detailed in standard CVE databases, though its critical nature makes it a high-value target for such actors.
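Since the only mitigation the sources give is upgrading to 2.0.52 or later, the practical first step is to find every deployment still pinned below that version. The following is an added example, not code from the page or the Yii project: it reads a composer.lock (a constructed sample is embedded) and reports whether the `yiisoft/yii2` package it declares is below the fixed release, treating non-numeric tags such as `dev-master` as "cannot tell" rather than silently passing them.

```python
import json
import re

# Constructed composer.lock excerpt (not from the page); only the fields the check needs.
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "yiisoft/yii2", "version": "2.0.51"},
        {"name": "yiisoft/yii2-bootstrap5", "version": "2.0.4"},
    ],
    "packages-dev": [
        {"name": "yiisoft/yii2-debug", "version": "2.1.25"},
    ],
})

# First release the advisory names as fixed for CVE-2024-58136.
FIXED_VERSION = (2, 0, 52)


def parse_version(version: str):
    """Turn '2.0.51', 'v2.0.51' or '2.0.52.1' into a comparable tuple of ints.
    Non-numeric tags (e.g. 'dev-master') cannot be compared and return None."""
    m = re.match(r"^v?(\d+(?:\.\d+)*)", version)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def yii2_is_vulnerable(lock_json: str) -> dict:
    """Return {'found': bool, 'version': str|None, 'vulnerable': bool|None}.
    'vulnerable' is None when yii2 is absent or its version is not comparable,
    so an unreadable tag is surfaced for manual review instead of passing."""
    lock = json.loads(lock_json)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == "yiisoft/yii2":
                ver = pkg.get("version", "")
                parsed = parse_version(ver)
                vulnerable = None if parsed is None else parsed < FIXED_VERSION
                return {"found": True, "version": ver, "vulnerable": vulnerable}
    return {"found": False, "version": None, "vulnerable": None}


if __name__ == "__main__":
    # With the constructed sample (2.0.51) this reports vulnerable=True.
    print(yii2_is_vulnerable(SAMPLE_COMPOSER_LOCK))
```

Point it at each application's real composer.lock rather than composer.json, since the lock file records the version actually installed.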

Sources

  1. NVD - CVE-2024-58136

    CVE-2024-58136 is a critical security flaw in Yii 2 framework that allows remote code execution. The vulnerability was exploited in the wild in February through April 2025 and has a CVSS score of 9.8. See NVD for more information, references, and mitigations.

  2. yiisoft/yii2 - CVE-2024-58136 · GitHub Advisory Database

    Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in ...

  3. From Behaviors to Shells: Yii2 PHP Framework RCE | CVE-2024 ...

    CVE-2024-58136 is a critical remote code execution (RCE) vulnerability in the Yii2 PHP framework. It affects applications that allow behaviors to be attached ...

  4. CVE-2024-58136: The Doppelgänger Class: How a Failed Fix in Yii 2 Led ...

    CVE-2024-58136 is not just a vulnerability; it is a masterclass in how 'patching' can sometimes just mean 'moving the target.' In July 2024, the Yii team patched a critical RCE (CVE-2024-4990) involving behavior attachments.

  5. CVE-2024-58136 - Yii2 Behavior Attach Bypass & Wild Exploitation ...

    Dubbed CVE-2024-58136, this bug is a regression of a previously patched issue (CVE-2024-4990). This new flaw affects Yii 2 before version 2.0.52, and it's already seen real-world exploitation. Here's an exclusive deep dive, written for everyday developers who want to understand the flaw, see example c…

  6. CVE-2024-58136 - AttackerKB

    Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited ...