CVE-2025-54068

Published Jul 17, 2025

Last updated 2 months ago

Exploit known
CVSS critical 9.2
Laravel
Livewire
web application
Zero-day

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-54068 is a remote command execution (RCE) vulnerability found in Livewire, a full-stack framework for Laravel. Specifically, it affects Livewire v3 versions up to and including v3.6.3. The vulnerability stems from how certain component property updates are handled during hydration, which could allow unauthenticated attackers to execute arbitrary code. Exploitation requires a component to be mounted and configured in a particular way but does not require authentication or user interaction. The vulnerability lies in the `hydrateForUpdate` method within the `Livewire\Mechanisms\HandleComponents\HandleComponents` class. A specially crafted update payload can bypass validation and sanitization during the hydration process, causing the framework to interpret untrusted input as executable code. This issue has been patched in Livewire v3.6.4, and users are strongly encouraged to upgrade to this version or later as soon as possible. There are no known workarounds.

Description
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.
Source: security-advisories@github.com
NVD status: Analyzed
Products: livewire

Risk scores

CVSS 4.0

Type: Secondary
Base score: 9.2
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: CRITICAL

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Laravel Livewire Code Injection Vulnerability
Exploit added on: Mar 20, 2026
Exploit action due: Apr 3, 2026
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

security-advisories@github.com: CWE-94

Social media

Hype score: Not currently trending
  1. Laravel Livewire RCE (CVE-2025-54068) & APP_KEY Leakage PoC. I've just released a repository containing scripts to demonstrate how leaked APP_KEYs can lead to full Remote Code Execution in Laravel Livewire apps. 🔗 https://t.co/pysWALbRbR #Laravel #BugBounty #RCE #CVE

    @lu3ky13

    4 May 2026

    3617 Impressions

    13 Retweets

    74 Likes

    56 Bookmarks

    2 Replies

    0 Quotes

  2. If you patched CVE-2025-54068 in Livewire, good. If not, here's what the exploit looks like and why upgrading to 3.6.2+ is critical for any production Livewire app. https://t.co/CrXNIHIFuw

    @stackshield

    3 May 2026

    118 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-54068 is a critical RCE in Livewire. If you're running Livewire 3.x below 3.6.2, an attacker can execute arbitrary code on your server. Update today. https://t.co/CrXNIHIFuw

    @stackshield

    21 Apr 2026

    108 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Critical reminder for Laravel teams ⚠️ The recent Livewire RCE (CVE-2025-54068) shows how even popular packages can burn you. Update everything. Validate inputs strictly. Never trust user data. Security isn't optional in 2026. #Laravel #CyberSecurity

    @devnzian

    8 Apr 2026

    87 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Laravel devs: CVE-2025-54068 in Livewire is now on the CISA KEV. Unauthenticated RCE. No login required. Actively exploited. If you use Livewire in production, check your version before your next deploy. #Laravel #AppSec #DevSecOps

    @cveriskpilot

    27 Mar 2026

    140 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-54068 is a critical RCE in Livewire. If you're running an affected version, attackers can execute arbitrary code through crafted requests. Check your version now. https://t.co/CrXNIHIFuw

    @stackshield

    27 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Laravel Livewire v3 Exploit CVE-2025-54068: Critical RCE in Livewire v3 (up to v3.6.3), CVSS 9.8, no auth required. CISA confirms active exploitation. https://t.co/aYXmkzFwIB

    @vulnsurge

    26 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Got pwned by Indonesians exploiting CVE-2025-54068 and as a thank you I'm gonna send take down requests for their whole infra tonight https://t.co/AQYof9tjj7

    @SchizoDuckie

    25 Mar 2026

    1443 Impressions

    2 Retweets

    18 Likes

    2 Bookmarks

    2 Replies

    0 Quotes

  9. Ip Protocol 1. KEV-DELTA SYNC (MAR 23): •CRITICAL: CISA added CVE-2025-32432 (Craft CMS) and CVE-2025-54068 (Laravel Livewire) to the KEV catalog on Friday, March 20. •PATCH DEADLINE: Federal agencies must remediate by April 3, 2026. •NEW ADDITION: CVE-2026-20131

    @SteveAJ777

    23 Mar 2026

    140 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. We are tracking the giants. 🏛️⚖️ 🔴 DOJ/FBI Takedowns: Tracking the "Aisuru" & "Kimwolf" botnet orphans (3M+ devices) disrupted on March 20. 🔴 CISA KEV: Real-time triggers for March '26 RCEs like Laravel Livewire (CVE-2025-54068). If it’s in the bulletins,

    @SteveAJ777

    23 Mar 2026

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CISA adds actively exploited Apple, Craft CMS, and Laravel Livewire flaws to KEV catalog — including CVE-2025-32432 (RCE), CVE-2025-54068 (MuddyWater-linked), and multiple iOS bugs used by DarkSword exploit kit. Federal agencies must patch by April 3, 2026. #CISA #KEV #RCE

    @Hermes_tooll

    23 Mar 2026

    652 Impressions

    1 Retweet

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  12. CISA adds actively exploited Apple, Craft CMS, and Laravel Livewire flaws to KEV catalog — including CVE-2025-32432 (RCE), CVE-2025-54068 (MuddyWater-linked), and multiple iOS bugs used by DarkSword exploit kit. Federal agencies must patch by April 3, 2026. #CISA #KEV #RCE

    @VivekIntel

    22 Mar 2026

    197 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CISA added Craft CMS CVE-2025-32432 (CVSS 10.0) and Laravel Livewire CVE-2025-54068 (CVSS 9.8) to KEV. Both are RCE, both confirmed exploited in the wild. Federal deadline April 3. Patch now. https://t.co/wfDkXa3dkP #infosec

    @CybrPulse

    22 Mar 2026

    117 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-54068: unauthenticated remote code execution in Laravel Livewire. Patch now, not tomorrow. https://t.co/MbRQhU8aRf #Laravel #Livewire #CVE https://t.co/oNYlpk8RA6

    @MulerTech

    22 Mar 2026

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. NEW THREAT INTEL: Laravel Livewire Unauthenticated RCE via Synthesizer Smuggling -- MuddyWater Active Exploitation (CVE-2025-54068). 9 detections, 27 IOCs. https://t.co/uivmH1n5lH #ThreatIntel #CyberSecurity https://t.co/ANJ756p43t

    @threadlinqs

    22 Mar 2026

    92 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 Today CVE: CVE-2025-54068 This tends to happen once disclosure hits.

    @EdgeDetectOps

    21 Mar 2026

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. A critical remote command execution vulnerability (CVE-2025-54068) affects `Livewire` applications during component property updates. This RCE flaw impacts `Laravel` environments. Monitor for official #Livewire patches. #infosec https://t.co/lXRUhdQpNp

    @pulsepatchio

    21 Mar 2026

    100 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 Attention, developers! The CVE-2025-54068 vulnerability in Laravel Livewire allows code injection, enabling remote execution by unauthenticated attackers. 🔒 Apply the vendor's mitigations or discontinue use of the product! #CyberSecurity #Inf

    @fernandokarl

    21 Mar 2026

    96 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

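  19. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five vulnerabilities to its Known Exploited Vulnerabilities catalog. CVE-2025-31277, CVE-2025-43510 and CVE-2025-43520 in multiple Apple products, CVE-2025-32432 in Craft CMS, Laravel Livewire's CVE-202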

    @__kokumoto

    21 Mar 2026

    891 Impressions

    0 Retweets

    5 Likes

    3 Bookmarks

    1 Reply

    0 Quotes

  20. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-54068 #Laravel #Livewire Code Injection Vulnerability https://t.co/l7gw7G4YUo

    @ScyScan

    20 Mar 2026

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🛡️ CVE-2025-54068: Critical Code Injection Vulnerability in Laravel Livewire Technical analysis of CVE-2025-54068 in Laravel Livewire, a code injection flaw with CVSS 9.8 that allows RCE. Impact, mitigations and recommendation https://t.co/K16jzAmsv

    @CiberPlanetaOrg

    20 Mar 2026

    103 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🛡️ Security Alert: Code Injection Vulnerability in Laravel Livewire (CVE-2025-54068) Critical vulnerability in Laravel Livewire (CWE-94) allows unauthenticated attackers to inject code and achieve remote command execution (RCE) in specific scenarios

    @CiberPlanetaOrg

    20 Mar 2026

    99 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🚨 CVE-2025-54068: Livewire vulnerable to remote co... Unauthenticated RCE in Laravel's most popular reactive framework - property hydration bypass lets attackers execute arb... https://t.co/od7Zw2i4Xc #netsec #vulnerability #CVE #sysadmin #zeroday

    @0dayPublishing

    20 Mar 2026

    104 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. CVE Alert: CVE-2025-54068 - livewire - livewire - https://t.co/lCHAdNWFXs #OSINT #ThreatIntel #CyberSecurity #cve-2025-54068 #livewire #

    @RedPacketSec

    20 Mar 2026

    120 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. I JUST GOT HACKED TLDR: my old Micro SaaS was running smoothly and had a good position in Google. It got hacked because of a vulnerability in an old version of Livewire (v3.4.9) due to CVE-2025-54068. The attacker created tons of spam pages and set up permanent redirects to http

    @mehrab_build

    19 Feb 2026

    15321 Impressions

    7 Retweets

    90 Likes

    87 Bookmarks

    11 Replies

    2 Quotes

  26. Laravel-livewire RCE (CVE-2025-54068) - Video POC Here is the Exploit Github repo: https://t.co/o3bdvqC1ra ~credit synacktiv For more bugbounty content Join my telegram channel: https://t.co/J6uPf8H57o https://t.co/XxjlowowWt

    @darkshadow2bd

    8 Feb 2026

    9969 Impressions

    32 Retweets

    176 Likes

    130 Bookmarks

    3 Replies

    1 Quote

  27. THE WEB BROKE in DECEMBER 2025. React2Shell, MongoBleed, Livewire... the pillars of the Internet collapsed. 💥 I invited the researchers from @Synacktiv, @_Worty and @_remsio_, to dissect the Livewire RCE (CVE-2025-54068)🛠️ https://t.co/67QcHXWWLV

    @Fransosiche

    4 Feb 2026

    1962 Impressions

    10 Retweets

    17 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  28. 🚨 CVE-2025-54068 - critical 🚨 Laravel Livewire v3 - Remote Command Execution > Livewire v3 (Laravel) contains a vulnerability in its component hydration/update mech... 👾 https://t.co/RtKjdyBzaR @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    4 Feb 2026

    217 Impressions

    2 Retweets

    5 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  29. Update your Livewire version! I heard two people report that they were hacked through an old Livewire website. CVE-2025-54068 is now actively exploited. If you're under < 3.6.4, upgrade immediately.

    @SRWieZ

    28 Jan 2026

    139 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Livewire has a RCE vulnerability (CVE-2025-54068) and people are not talking enough about it. Attackers are silently installing Crypto miners on your servers and you're not even aware about it. If you're using @LaravelLivewire up to 3.6.3 on your @laravelphp website, you most

    @triplethata

    26 Jan 2026

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 🚨 #0day Alert! 🚨 CVE-2025-54068 exploit for #LiveWire Remote Command Execution is now public. ⚡ #CyberSecurity #RCE #Exploit #Vulnerability #InfoSec https://t.co/yBibL6JYWU

    @TheExploitLab

    24 Jan 2026

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Always keep the targets you find easily accessible, so that when a new vulnerability emerges, you'll definitely come across one of them 🥳🥳🥰🥰 Target: CVE-2025-54068 Tool: https://t.co/ahDmL3YRc0 @intigriti #bugbountytip #bugbountytips #infosec #recon https://t.co/v

    @ynsmroztas

    23 Jan 2026

    6691 Impressions

    14 Retweets

    121 Likes

    92 Bookmarks

    0 Replies

    0 Quotes

  33. ‼️Livepyre: A tool designed to exploit CVE-2025-54068 and Remote Command Execution if the APP_KEY of the Livewire project is known. GitHub: https://t.co/7XOU7YC0Uo Writeup: https://t.co/2KjVJxndu5 CVSS: 9.2 Description: Livewire is a full-stack framework for Laravel. In h

    @DarkWebInformer

    22 Jan 2026

    3317 Impressions

    5 Retweets

    27 Likes

    17 Bookmarks

    1 Reply

    0 Quotes

  34. 🚨 CVE-2025-54068: Unauthenticated RCE in Laravel Livewire v3 ⚠️ Only for educational purposes & ethical hacking 👍 Like, comment & share if this helped! #CyberSecurity #EthicalHacking #CVE #Exploit #PoC #RedTeam #BugBounty #Infosec #Pentesting #OSCP https://t.co/

    @r0otk3r

    12 Jan 2026

    147 Impressions

    1 Retweet

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  35. It's a great start to the year for FrenchTech with: 💥 n8n vulns CVE-2026-21858 and CVE-2025-68613 by @Chocapikk 💥 Livewire vuln CVE-2025-54068* by @_Worty and @_remsio_ Well done to you 🎉 and happy new year 2026 😄 *come on.... late 2025 is almost early 2026 😅

    @mynameisv_

    9 Jan 2026

    424 Impressions

    0 Retweets

    6 Likes

    0 Bookmarks

    4 Replies

    0 Quotes

  36. CVE-2025-54068 is the #React2Shell of the Laravel world.🚩 Just like Next.js Server Actions, Livewire bridges the frontend/backend gap automatically. But blindly deserializing state from the client? That leads to RCE. 👇Try the exploit via Vulhub: https://t.co/dWjH6HTcif #Vul

    @phithon_xg

    8 Jan 2026

    24470 Impressions

    68 Retweets

    365 Likes

    221 Bookmarks

    5 Replies

    1 Quote

  37. 🚨 New exploit tool alert: synacktiv/Livepyre targets CVE-2025-54068. Check it out: https://t.co/A9n9p95cmK #cybersecurity #exploit #CVE202554068 #infosec

    @dxiadong527

    8 Jan 2026

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. #exploit #AppSec 1⃣. Livewire: RCE through unmarshaling - https://t.co/sQJ0RjUly5 // critical vulnerability (CVE-2025-54068) in Livewire allows RCE via unsafe object unmarshaling during component hydration, affecting many Laravel projects and patched in v3.6.4+, highlighting t

    @ksg93rd

    30 Dec 2025

    1003 Impressions

    0 Retweets

    13 Likes

    4 Bookmarks

    1 Reply

    1 Quote

  39. CVE-2025-54068 # The Livewire "Silent Killer": Remote Code Execution (RCE) via Stealth Read the full report on - https://t.co/OkLUEWh0g8 https://t.co/g7d0hspqr1

    @cyberbivash

    26 Dec 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. 🚨 RCE in #Livewire (CVE-2025-54068)! Our specialists uncovered a critical flaw allowing remote code execution without the APP_KEY, exploiting Livewire’s hydration mechanism + PHP’s loose typing. 🔗 Patch now! (v3.6.4+) https://t.co/a5dFicootF

    @Synacktiv

    23 Dec 2025

    23597 Impressions

    33 Retweets

    97 Likes

    51 Bookmarks

    1 Reply

    4 Quotes

  41. #VulnerabilityReport #CVE202554068 Critical Livewire RCE (CVE-2025-54068) Threatens Millions of Laravel Apps – Patch Immediately! https://t.co/GChbpHJzWx

    @Komodosec

    26 Aug 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

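  42. Livewire vulnerability CVE-2025-54068 fixed: possible RCE in Laravel apps https://t.co/qVBDI2tkZy A serious vulnerability has been discovered in Livewire. In particular, if you are using the v3 series, it is said that you may be attacked by unauthenticated threat actors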

    @iototsecnews

    4 Aug 2025

    62 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. 🚨Alert🚨 :CVE-2025-54068 : Unauthenticated Remote Command Execution in Livewire Framework v3 Up to 3.6.3 📊729.7K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/VUmfY2hURH 👇Query HUNTER : https://t.co/q9rtuGfZuz="Livewire" https:

    @HunterMapping

    22 Jul 2025

    3264 Impressions

    14 Retweets

    55 Likes

    23 Bookmarks

    3 Replies

    0 Quotes

  44. A critical vulnerability in Livewire exposes millions of Laravel web applications to unauthenticated remote command execution attacks, compelling immediate upgrades to version 3.6.4. This flaw, CVE-2025-54068, can allow attackers to execute arbitrary commands without any user ...

    @CybrPulse

    21 Jul 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  45. CVE-2025-54068 Unauthenticated Remote Command Execution in Livewire Framework v3 Up to 3.6.3 https://t.co/Jr776uNhkq

    @VulmonFeeds

    17 Jul 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. CVE-2025-54068 Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command … https://t.co/2A75cODfcU

    @CVEnew

    17 Jul 2025

    326 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. [CVE-2025-54068: CRITICAL] Warning: Vulnerability in Livewire v3 allows remote command execution. Upgrade to v3.6.4 to patch the issue. Exploitation doesn't need authentication or user interaction.#cve,CVE-2025-54068,#cybersecurity https://t.co/yGMOhl3JkQ https://t.co/n2P8kpIoo4

    @CveFindCom

    17 Jul 2025

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations