CVE-2024-11235
⚠️ highSummary
In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.
CVSS Score
8.1
High
EPSS Score
1.5
Exploit Probability
Published Date
2025-04-04
First Seen: 2026-01-05
📊 Relative Risk Intelligence
This CVE is High Risk - more severe than 77.4% of all 329,456 vulnerabilities in our database.
#74,337
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Apr 4, 2025
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
🏆 Discovered By
Junwha Hong (reporter)
SSVC data provided by
CISA
Last Modified
2025-04-30
Source
NVD 🔗
CVSS Vector 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Vector 4.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
CWE IDs (Weakness Types)