CVE-2025-54068

Confirmed PUBLISHED

Livewire vulnerable to remote command execution during property update hydration

livewire · livewire

1 day faster than CISA KEV

Exploited in the wild Active exploitation observed PoC available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
1
Unique Attacker IPs
1
CISA KEV
In CISA KEV
CVSS / EPSS
9.2 Critical EPSS 95.4%

At a Glance

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.

nuclei_scanner cisa ios
CVE Published
Jul 17, 2025
Exploitation Reported
Jun 01, 2026
CVSS
9.2 Critical
EPSS
95.4%
Remote No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
livewire
livewire

>= 3.0.0-beta.1, < 3.6.4

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.