Remote Command Execution Vulnerability in Livewire Framework from Laravel
CVE-2025-54068
Key Information:
Badges
What is CVE-2025-54068?
CVE-2025-54068 is a significant vulnerability identified in the Livewire framework, which is designed for building dynamic user interfaces with Laravel, a popular PHP framework. This particular flaw exists in Livewire versions up to and including v3.6.3, allowing unauthenticated attackers to execute arbitrary commands remotely under specific conditions. The vulnerability arises from issues in how component property updates are handled, leading to potential command execution without requiring any authentication or user interaction. This can critically undermine the security posture of organizations relying on Livewire for their applications, allowing attackers to manipulate server behaviors and potentially gain unauthorized access to sensitive data or system functionality.
Potential impact of CVE-2025-54068
-
Unauthorized Remote Command Execution: The vulnerability allows attackers to execute commands on the server without needing authentication. This could lead to complete takeover of the affected application, enabling malicious actors to run arbitrary code and take further actions against the organization.
-
Data Breach Risks: Exploitation of this vulnerability may expose sensitive application data to unauthorized users. Attackers can access, modify, or exfiltrate sensitive data, leading to potential compliance violations and reputational damage.
-
Increased Attack Surface: Given that exploitation does not require user interaction or authentication, the vulnerability presents a broader attack surface. This raises concerns for ongoing application monitoring and security hygiene, as attackers could exploit this flaw to facilitate further attacks or spread malware within the network.
CISA has reported CVE-2025-54068
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-54068 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
livewire >= 3.0.0-beta.1, < 3.6.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
The Hacker NewsCISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
CISA adds 5 exploited flaws (CVSS up to 10.0) to KEV, mandates April 3, 2026 patching to prevent malware and espionage attacks.
4 hours ago
Red Hot CyberCVE-2025-54068Livewire Vulnerability Exposed: 130k Apps at Risk of Remote Code Execution
Discover the critical Livewire vulnerability (CVE-2025-54068) that puts 130k apps at risk of remote code execution. Learn how to protect your Laravel application now.
References
EPSS Score
15% chance of being exploited in the next 30 days.
CVSS V4
Timeline
- π¦
CISA Reported
- π₯
Vulnerability reached the number 1 worldwide trending spot
- π°
First article discovered by Red Hot Cyber
- π
Vulnerability started trending
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved