Livewire Flaw Puts Millions of Laravel Apps at Risk of RCE Attacks
Posted: Wed Jul 23, 2025 12:35 am
A critical vulnerability discovered in Livewire, a popular full-stack framework for Laravel applications, exposes millions of web properties to unauthenticated remote command execution attacks.
Tracked as CVE-2025-54068, the flaw resides in Livewire versions from 3.0.0-beta.1 up to 3.6.3 and stems from the way certain component property updates are hydrated, allowing an attacker to inject and execute arbitrary commands on the server.
https://gbhackers.com/livewire-flaw-of-rce-attacks/
Tracked as CVE-2025-54068, the flaw resides in Livewire versions from 3.0.0-beta.1 up to 3.6.3 and stems from the way certain component property updates are hydrated, allowing an attacker to inject and execute arbitrary commands on the server.
https://gbhackers.com/livewire-flaw-of-rce-attacks/