CVE-2025-54068
Published Jul 17, 2025
Last updated 3 months ago
AI description
CVE-2025-54068 is a remote command execution (RCE) vulnerability found in Livewire, a full-stack framework for Laravel. Specifically, it affects Livewire v3 versions up to and including v3.6.3. The vulnerability stems from how certain component property updates are handled during hydration, which could allow unauthenticated attackers to execute arbitrary code. Exploitation requires a component to be mounted and configured in a particular way but does not require authentication or user interaction. The vulnerability lies in the `hydrateForUpdate` method within the `Livewire\Mechanisms\HandleComponents\HandleComponents` class. A specially crafted update payload can bypass validation and sanitization during the hydration process, causing the framework to interpret untrusted input as executable code. This issue has been patched in Livewire v3.6.4, and users are strongly encouraged to upgrade to this version or later as soon as possible. There are no known workarounds.
- Description
- Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- livewire
CVSS 4.0
- Type
- Secondary
- Base score
- 9.2
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Laravel Livewire Code Injection Vulnerability
- Exploit added on
- Mar 20, 2026
- Exploit action due
- Apr 3, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- security-advisories@github.com
- CWE-94
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
CVE-2025-54068 in Laravel Livewire v3 exploited to harvest credentials from 6,167 applications globally, including live payment keys and AWS credentials. https://t.co/UxDPB3SHP6
@f1tym1
27 Jun 2026
57 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#CVE-2025-54068 #Laravel Livewire #Credential_Theft Campaign: 6,000+ #Applications #Compromised https://t.co/LjUIsxUVLt https://t.co/cEpUV2futU
@omvapt
25 Jun 2026
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #MediumCompleteness CVE-2025-54068 Laravel Livewire Credential Theft Campaign: 6,000+ Applications Compromised | 23-06-2026 Source: https://t.co/DgfvdwEbeg Key details below ↓ 🎯Victims: E commerce, Healthcare, Financial services, Education, Government, Online
@rst_cloud
25 Jun 2026
206 Impressions
1 Retweet
4 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-54068 Laravel Livewire Credential Theft Campaign: 6,000+ Applications Compromised https://t.co/0eIjAeGsGg
@Dinosn
25 Jun 2026
4675 Impressions
6 Retweets
36 Likes
17 Bookmarks
0 Replies
0 Quotes
A suspected Indonesian threat actor exploited the Laravel Livewire vulnerability (CVE-2025-54068) to steal credentials from over 6,000 web applications. #CyberSecurity #Laravel #CVE202554068 #Vulnerability #Infosec https://t.co/iBrRKHa96T https://t.co/FAbT9yLI0I
@the_yellow_fall
25 Jun 2026
566 Impressions
2 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Laravel Livewire Under Siege: Inside the #CVE-2025-54068 RCE Campaign That Stole 14,000+ Database Passwords + Video https://t.co/MsjYTUyLTL Educational Purposes!
@UndercodeUpdate
25 Jun 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
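On a large-scale cyber campaign targeting Laravel Livewire apps. Reported by Imperva. Exploitation of CVE-2025-54068 was observed on 2026/5/24. Payloads were built using PHPGGC gadget chains to execute remote shell commands. https://t.co/G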
@__kokumoto
24 Jun 2026
814 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
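An attack campaign has been confirmed that exploits the critical RCE vulnerability CVE-2025-54068 in Laravel Livewire to steal credentials in bulk from applications worldwide. The attackers execute arbitrary code on unpatched servers, and environment configuration files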
@yousukezan
24 Jun 2026
1680 Impressions
3 Retweets
13 Likes
1 Bookmark
0 Replies
1 Quote
CVE-2025-54068 in Laravel Livewire v3 exploited in months-long campaign harvesting credentials. https://t.co/r86fgo9BZI
@f1tym1
24 Jun 2026
46 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼ #Livewire: active in-the-wild exploitation of CVE-2025-54068 detected Risk: 🔴 Type: 🔸Remote Code Execution 🔗 https://t.co/Y7EXvfYD1v ⚠ It is important to update the affected products https://t.co/AzRQVpRwPg
@Vulcanux_
3 Jun 2026
29 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
‼ #Livewire: active in-the-wild exploitation of CVE-2025-54068 detected Risk: 🔴 Type: 🔸Remote Code Execution 🔗 https://t.co/91lU3kZbas ⚠ It is important to update the affected products https://t.co/bN1uqYmwba
@csirt_it
3 Jun 2026
155 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54068: CVSS 9.2, no auth required, 130K+ apps affected. Livewire v3 RCE via hydration bypass. No workaround. Upgrade to v3.6.4 now. https://t.co/CrXNIHIFuw
@stackshield
26 May 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Laravel Livewire RCE (CVE-2025-54068) & APP_KEY Leakage PoC. I've just released a repository containing scripts to demonstrate how leaked APP_KEYs can lead to full Remote Code Execution in Laravel Livewire apps. 🔗 https://t.co/pysWALbRbR #Laravel #BugBounty #RCE #CVE
@lu3ky13
4 May 2026
3617 Impressions
13 Retweets
74 Likes
56 Bookmarks
2 Replies
0 Quotes
If you patched CVE-2025-54068 in Livewire, good. If not, here's what the exploit looks like and why upgrading to 3.6.2+ is critical for any production Livewire app. https://t.co/CrXNIHIFuw
@stackshield
3 May 2026
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54068 is a critical RCE in Livewire. If you're running Livewire 3.x below 3.6.2, an attacker can execute arbitrary code on your server. Update today. https://t.co/CrXNIHIFuw
@stackshield
21 Apr 2026
108 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical reminder for Laravel teams ⚠️ The recent Livewire RCE (CVE-2025-54068) shows how even popular packages can burn you. Update everything. Validate inputs strictly. Never trust user data. Security isn't optional in 2026. #Laravel #CyberSecurity
@devnzian
8 Apr 2026
87 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Laravel devs: CVE-2025-54068 in Livewire is now on the CISA KEV. Unauthenticated RCE. No login required. Actively exploited. If you use Livewire in production, check your version before your next deploy. #Laravel #AppSec #DevSecOps
@cveriskpilot
27 Mar 2026
140 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54068 is a critical RCE in Livewire. If you're running an affected version, attackers can execute arbitrary code through crafted requests. Check your version now. https://t.co/CrXNIHIFuw
@stackshield
27 Mar 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Laravel Livewire v3 Exploit CVE-2025-54068: Critical RCE in Livewire v3 (up to v3.6.3), CVSS 9.8, no auth required. CISA confirms active exploitation. https://t.co/aYXmkzFwIB
@vulnsurge
26 Mar 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Got pwned by Indonesians exploiting CVE-2025-54068 and as a thank you I'm gonna send take down requests for their whole infra tonight https://t.co/AQYof9tjj7
@SchizoDuckie
25 Mar 2026
1443 Impressions
2 Retweets
18 Likes
2 Bookmarks
2 Replies
0 Quotes
Ip Protocol 1. KEV-DELTA SYNC (MAR 23): •CRITICAL: CISA added CVE-2025-32432 (Craft CMS) and CVE-2025-54068 (Laravel Livewire) to the KEV catalog on Friday, March 20. •PATCH DEADLINE: Federal agencies must remediate by April 3, 2026. •NEW ADDITION: CVE-2026-20131
@SteveAJ777
23 Mar 2026
140 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We are tracking the giants. 🏛️⚖️ 🔴 DOJ/FBI Takedowns: Tracking the "Aisuru" & "Kimwolf" botnet orphans (3M+ devices) disrupted on March 20. 🔴 CISA KEV: Real-time triggers for March '26 RCEs like Laravel Livewire (CVE-2025-54068). If it’s in the bulletins,
@SteveAJ777
23 Mar 2026
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds actively exploited Apple, Craft CMS, and Laravel Livewire flaws to KEV catalog — including CVE-2025-32432 (RCE), CVE-2025-54068 (MuddyWater-linked), and multiple iOS bugs used by DarkSword exploit kit. Federal agencies must patch by April 3, 2026. #CISA #KEV #RCE
@Hermes_tooll
23 Mar 2026
652 Impressions
1 Retweet
2 Likes
2 Bookmarks
0 Replies
0 Quotes
CISA adds actively exploited Apple, Craft CMS, and Laravel Livewire flaws to KEV catalog — including CVE-2025-32432 (RCE), CVE-2025-54068 (MuddyWater-linked), and multiple iOS bugs used by DarkSword exploit kit. Federal agencies must patch by April 3, 2026. #CISA #KEV #RCE
@VivekIntel
22 Mar 2026
197 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added Craft CMS CVE-2025-32432 (CVSS 10.0) and Laravel Livewire CVE-2025-54068 (CVSS 9.8) to KEV. Both are RCE, both confirmed exploited in the wild. Federal deadline April 3. Patch now. https://t.co/wfDkXa3dkP #infosec
@CybrPulse
22 Mar 2026
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54068: remote code execution on Laravel Livewire without authentication. Patch now, not tomorrow. https://t.co/MbRQhU8aRf #Laravel #Livewire #CVE https://t.co/oNYlpk8RA6
@MulerTech
22 Mar 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NEW THREAT INTEL: Laravel Livewire Unauthenticated RCE via Synthesizer Smuggling -- MuddyWater Active Exploitation (CVE-2025-54068). 9 detections, 27 IOCs. https://t.co/uivmH1n5lH #ThreatIntel #CyberSecurity https://t.co/ANJ756p43t
@threadlinqs
22 Mar 2026
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Today CVE: CVE-2025-54068 This tends to happen once disclosure hits.
@EdgeDetectOps
21 Mar 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A critical remote command execution vulnerability (CVE-2025-54068) affects `Livewire` applications during component property updates. This RCE flaw impacts `Laravel` environments. Monitor for official #Livewire patches. #infosec https://t.co/lXRUhdQpNp
@pulsepatchio
21 Mar 2026
100 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Attention, developers! The CVE-2025-54068 vulnerability in Laravel Livewire allows code injection, enabling remote execution by unauthenticated attackers. 🔒 Apply the vendor's mitigations or discontinue use of the product! #CyberSecurity #Inf
@fernandokarl
21 Mar 2026
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
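The US Cybersecurity and Infrastructure Security Agency (CISA) added five vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-31277, CVE-2025-43510 and CVE-2025-43520 in multiple Apple products, CVE-2025-32432 in Craft CMS, and Laravel Livewire's CVE-202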
@__kokumoto
21 Mar 2026
891 Impressions
0 Retweets
5 Likes
3 Bookmarks
1 Reply
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-54068 #Laravel #Livewire Code Injection Vulnerability https://t.co/l7gw7G4YUo
@ScyScan
20 Mar 2026
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ CVE-2025-54068: Critical Code Injection Vulnerability in Laravel Livewire Technical analysis of CVE-2025-54068 in Laravel Livewire, a code injection flaw with CVSS 9.8 that allows RCE. Impact, mitigations and recommendations https://t.co/K16jzAmsv
@CiberPlanetaOrg
20 Mar 2026
103 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Security Alert: Code Injection Vulnerability in Laravel Livewire (CVE-2025-54068) A critical vulnerability in Laravel Livewire (CWE-94) allows unauthenticated attackers to inject code and achieve remote command execution (RCE) in specific scenarios
@CiberPlanetaOrg
20 Mar 2026
99 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-54068: Livewire vulnerable to remote co... Unauthenticated RCE in Laravel's most popular reactive framework - property hydration bypass lets attackers execute arb... https://t.co/od7Zw2i4Xc #netsec #vulnerability #CVE #sysadmin #zeroday
@0dayPublishing
20 Mar 2026
104 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE Alert: CVE-2025-54068 - livewire - livewire - https://t.co/lCHAdNWFXs #OSINT #ThreatIntel #CyberSecurity #cve-2025-54068 #livewire #
@RedPacketSec
20 Mar 2026
120 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I JUST GOT HACKED TLDR: my old Micro SaaS was running smoothly and had a good position in Google. It got hacked because of a vulnerability in an old version of Livewire (v3.4.9) due to CVE-2025-54068. The attacker created tons of spam pages and set up permanent redirects to http
@mehrab_build
19 Feb 2026
15321 Impressions
7 Retweets
90 Likes
87 Bookmarks
11 Replies
2 Quotes
Laravel-livewire RCE (CVE-2025-54068) - Video POC Here is the Exploit Github repo: https://t.co/o3bdvqC1ra ~credit synacktiv For more bugbounty content Join my telegram channel: https://t.co/J6uPf8H57o https://t.co/XxjlowowWt
@darkshadow2bd
8 Feb 2026
9969 Impressions
32 Retweets
176 Likes
130 Bookmarks
3 Replies
1 Quote
THE WEB BROKE in DECEMBER 2025. React2Shell, MongoBleed, Livewire... the pillars of the Internet collapsed. 💥 I invited the researchers from @Synacktiv, @_Worty and @_remsio_, to dissect the RCE in Livewire (CVE-2025-54068)🛠️ https://t.co/67QcHXWWLV
@Fransosiche
4 Feb 2026
1962 Impressions
10 Retweets
17 Likes
2 Bookmarks
0 Replies
1 Quote
🚨 CVE-2025-54068 - critical 🚨 Laravel Livewire v3 - Remote Command Execution > Livewire v3 (Laravel) contains a vulnerability in its component hydration/update mech... 👾 https://t.co/RtKjdyBzaR @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
4 Feb 2026
217 Impressions
2 Retweets
5 Likes
4 Bookmarks
0 Replies
0 Quotes
Update your Livewire version! I heard two people report that they were hacked through an old Livewire website. CVE-2025-54068 is now actively exploited. If you're under < 3.6.4, upgrade immediately.
@SRWieZ
28 Jan 2026
139 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Livewire has a RCE vulnerability (CVE-2025-54068) and people are not talking enough about it. Attackers are silently installing Crypto miners on your servers and you're not even aware about it. If you're using @LaravelLivewire up to 3.6.3 on your @laravelphp website, you most
@triplethata
26 Jan 2026
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #0day Alert! 🚨 CVE-2025-54068 exploit for #LiveWire Remote Command Execution is now public. ⚡ #CyberSecurity #RCE #Exploit #Vulnerability #InfoSec https://t.co/yBibL6JYWU
@TheExploitLab
24 Jan 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Always keep the targets you find easily accessible, so that when a new vulnerability emerges, you'll definitely come across one of them 🥳🥳🥰🥰 Target: CVE-2025-54068 Tool: https://t.co/ahDmL3YRc0 @intigriti #bugbountytip #bugbountytips #infosec #recon https://t.co/v
@ynsmroztas
23 Jan 2026
6691 Impressions
14 Retweets
121 Likes
92 Bookmarks
0 Replies
0 Quotes
‼️Livepyre: A tool designed to exploit CVE-2025-54068 and Remote Command Execution if the APP_KEY of the Livewire project is known. GitHub: https://t.co/7XOU7YC0Uo Writeup: https://t.co/2KjVJxndu5 CVSS: 9.2 Description: Livewire is a full-stack framework for Laravel. In h
@DarkWebInformer
22 Jan 2026
3317 Impressions
5 Retweets
27 Likes
17 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-54068: Unauthenticated RCE in Laravel Livewire v3 ⚠️ Only for educational purposes & ethical hacking 👍 Like, comment & share if this helped! #CyberSecurity #EthicalHacking #CVE #Exploit #PoC #RedTeam #BugBounty #Infosec #Pentesting #OSCP https://t.co/
@r0otk3r
12 Jan 2026
147 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
It's a great start to the year for FrenchTech with: 💥 n8n vulns CVE-2026-21858 and CVE-2025-68613 by @Chocapikk 💥 Livewire vuln CVE-2025-54068* by @_Worty and @_remsio_ Congratulations to you 🎉 and happy new year 2026 😄 *come on.... the end of 2025 is almost the start of 2026 😅
@mynameisv_
9 Jan 2026
424 Impressions
0 Retweets
6 Likes
0 Bookmarks
4 Replies
0 Quotes
CVE-2025-54068 is the #React2Shell of the Laravel world.🚩 Just like Next.js Server Actions, Livewire bridges the frontend/backend gap automatically. But blindly deserializing state from the client? That leads to RCE. 👇Try the exploit via Vulhub: https://t.co/dWjH6HTcif #Vul
@phithon_xg
8 Jan 2026
24470 Impressions
68 Retweets
365 Likes
221 Bookmarks
5 Replies
1 Quote
🚨 New exploit tool alert: synacktiv/Livepyre targets CVE-2025-54068. Check it out: https://t.co/A9n9p95cmK #cybersecurity #exploit #CVE202554068 #infosec
@dxiadong527
8 Jan 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit #AppSec 1⃣. Livewire: RCE through unmarshaling - https://t.co/sQJ0RjUly5 // critical vulnerability (CVE-2025-54068) in Livewire allows RCE via unsafe object unmarshaling during component hydration, affecting many Laravel projects and patched in v3.6.4+, highlighting t
@ksg93rd
30 Dec 2025
1003 Impressions
0 Retweets
13 Likes
4 Bookmarks
1 Reply
1 Quote
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:laravel:livewire:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8A81C21A-76FA-4AF1-B265-01730D15D670",
            "versionEndExcluding": "3.6.4",
            "versionStartIncluding": "3.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]