CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-32027

Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.2%

CVSS Severity

CVSS v3 Score 6.1

References

https://github.com/yiisoft/yii/commit/d386d737861c9014269b7ed8c36c65eadb387368
https://github.com/yiisoft/yii/security/advisories/GHSA-7r2v-8wxr-3ch5

Products affected by CVE-2025-32027

Yiiframework » Yii » Version: Any

cpe:2.3:a:yiiframework:yii:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-32027

Products

Pricing

Contact Us