PT-2025-12564 · Yiisoft+1 · Yii2+1

Gaorenyusi · Published 2025-03-17 · Updated 2025-03-24 · CVE-2025-2689

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: yiisoft Yii2 versions up to 2.0.45

Description: A critical issue has been found, affecting the getIterator function of the file symfony\finder\Iterator\SortableIterator.php. This issue leads to deserialization and can be exploited remotely.

Recommendations: For versions up to 2.0.45, update to a version higher than 2.0.45 to resolve the issue. As a temporary workaround, consider restricting access to the getIterator function of the SortableIterator.php file until a patch is available.

Exploit

Fix

RCE

Deserialization of Untrusted Data


Weakness Enumeration

Related Identifiers

BDU:2025-06237
CVE-2025-2689
GHSA-88M2-J94X-V4FX

Affected Products

Symfony Finder
Yii2