The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities (KEV) catalog.
Commvault Command Center Path Traversal Vulnerability (CVE-2025-34028) and Yiiframework Yii Improper Protection of Alternate Path Vulnerability (CVE-2024-58136) were among the vulnerabilities added.
Threat actors exploited vulnerabilities affecting Craft CMS, including a remote code execution (RCE) flaw in Craft CMS and an input validation flaw in the Yii framework, to upload a PHP file manager and compromise servers.
CISA ordered federal agencies to fix the vulnerabilities by May 23, 2025, in line with Binding Operational Directive (BOD) 22-01, which requires agencies to address Known Exploited Vulnerabilities.