Yii and Commvault Under Siege: CISA’s Latest Vulnerability Wake-Up Call
CISA adds Commvault Command Center and Yii framework flaws to its Known Exploited Vulnerabilities Catalog. These vulnerabilities could allow attackers to upload files and execute remote code. CISA orders federal agencies to address these vulnerabilities by May 23, 2025, to protect against potential attacks.

Hot Take:
Looks like CISA is having a vulnerability yard sale and the Yii framework and Commvault Command Center flaws are the latest items up for grabs! With a CVSS score of 10, it’s the cyber equivalent of finding a Picasso in your attic, but unfortunately, not the kind you want hanging around your digital walls.

Key Points:
– CISA has added vulnerabilities from the Yii framework and Commvault Command Center to its Known Exploited Vulnerabilities catalog.
– The Commvault vulnerability, CVE-2025-34028, scores a perfect 10 on the CVSS scale for its path traversal antics.
– Craft CMS users are also in the crosshairs, thanks to a tag-team of Craft CMS and Yii framework vulnerabilities.
– Nearly 13,000 Craft CMS instances connected to over 6,300 IPs are potentially vulnerable.
– Federal agencies have been given a May 23, 2025, deadline to patch these pesky flaws.