CVE-2024-58136

ENISA EUVD: EUVD-2025-10502 ↗
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 5, 2026 2 articles Published: 2025-04-10
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
78.95%
probability
This CVE has a 78.95% probability of being exploited in the next 30 days.
0% Top 99.1th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
9
CRITICAL
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.

Affected Products

yiiframework
Yii
2

Attack Intelligence

Signal Intelligence

Confidence
85%
EPSS 78.95%
CVSS v3.1 9
Mentions 2
Last Seen Apr 25, 2025

CNA Information

CNA Assigner
mitre

Analyst Note

CVE-2024-58136 explicitly states exploitation 'in the wild in February through April 2025' with CVE published 2025-04-10, indicating active attacks preceded or coincided with patch availability. However, lack of Google Project Zero or CISA KEV listing and limited article coverage slightly reduces confidence from maximum.

Triage Info

Decided atMar 05, 2026
Published DateApr 10, 2025