theinfosecnews
theinfosecnews
Subscribe to Daily Digest

CVE-2025-54068

CISA KEV

Published March 20, 2026 · Updated April 3, 2026

high

What This Means

# CVE-2025-54068: Laravel Livewire Code Injection Laravel Livewire versions prior to patched releases contain an unauthenticated code injection vulnerability that permits remote command execution when specific conditions are present in application configuration or usage patterns. An unauthenticated attacker can exploit this flaw to execute arbitrary code on affected servers with the privileges of the web application process. **Required Actions:** - Identify all Laravel Livewire installations in your environment and determine current versions - Apply the latest patched version immediately—check the Laravel security advisories page for the specific version number and release date - If immediate patching is unavailable, restrict network access to affected Livewire endpoints using WAF rules or IP-based controls - Review application logs for exploitation attempts targeting Livewire components or request handlers

Official Description+

Laravel Livewire contain a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.

Affected Products

VendorProduct
LaravelLivewire

Patch Status

Patch by 2026-04-03

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2025-54068.

Related Coverage

Vvulnerability

CVE-2025-54068: Unauthenticated Code Injection in Laravel Livewire Enables Remote Command Execution

CVE-2025-54068 is an unauthenticated code injection vulnerability in Laravel Livewire that allows remote attackers to execute arbitrary code on affected servers under specific application configurations. No credentials are required to exploit the flaw, and successful attacks can result in full server compromise, credential theft, and persistent access. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog with a federal remediation deadline of April 3, 2026.

CISA KEV·14d ago·3 min read