CVE Daily

CVE-2025-24779

Deserialization of Untrusted Data vulnerability in NooTheme Yogi allows Object I...

High CVSS 8.8

Overview

Deserialization of Untrusted Data vulnerability in NooTheme Yogi allows Object Injection. This issue affects Yogi: from n/a through 2.9.0.

CWE: CWE-502 Published: 2025-07-16T12:15:23.660
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 8.8 (HIGH)
  • Detected tags: deserialization (tag impact: MODERATE)

Recommended actions:

  • Avoid untrusted deserialization; prefer safe formats (JSON) and signatures.

Recommended tools

Tags