Moderate severityNVD Advisory· Published Mar 24, 2025· Updated Mar 24, 2025

yiisoft Yii2 SortableIterator.php getIterator deserialization

CVE-2025-2689

Description

A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
yiisoft/yii2-devPackagist	<= 2.0.45	—

Affected products

ghsa-coords
pkg:composer/yiisoft/yii2-dev
Range: <= 2.0.45
Yiisoft/Yiisoft/yii2cpe-rescue
Range: 2.0.0

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/gaorenyusi/gaorenyusi/blob/main/Yii2.mdghsaexploitWEB
github.com/advisories/GHSA-88m2-j94x-v4fxghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-2689ghsaADVISORY
vuldb.comghsathird-party-advisoryWEB
vuldb.comghsasignaturepermissions-requiredWEB
vuldb.comghsavdb-entrytechnical-descriptionWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000