CVE-2025-32027
Published 2025-04-10
Priority: P4 22
Severity: medium
CVSS 3.1: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
EPSS: 0.20% (10.2th percentile)
Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yiiframework | yii | < 1.1.31 | 1.1.31 |
| yiisoft | yii | < 1.1.31 | 1.1.31 |
| yiisoft | yii | >= 0 < 1.1.31 | 1.1.31 |
OSV
Yii does not prevent XSS in scenarios where fallback error renderer is used
osv·2025-04-11
CVE-2025-32027 [MEDIUM] Yii does not prevent XSS in scenarios where fallback error renderer is used
### Impact
Affected versions of yiisoft/yii are vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used.
### Patches
Upgrade yiisoft/yii to version 1.1.31 or higher.
### References
- [Git commit](https://github.com/yiisoft/yii/commit/d386d737861c9014269b7ed8c36c65eadb387368)
If you have any questions or comments about this advisory, [contact us through security form](https://www.yiiframework.com/security).
GHSA
Yii does not prevent XSS in scenarios where fallback error renderer is used
ghsa·2025-04-11
CVE-2025-32027 [MEDIUM] CWE-79 Yii does not prevent XSS in scenarios where fallback error renderer is used