PT-2026-3246 · Laravel +1

Published 2026-01-16 · Updated 2026-01-19 · CVE-2025-14894

CVSS v3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Livewire Filemanager (affected versions not specified)

Description

Livewire Filemanager, often used with Laravel applications, has a component, LivewireFilemanagerComponent.php, that lacks proper file type and MIME validation. This allows for remote code execution by uploading a malicious PHP file. If a standard Laravel application setup is in place, this file can be executed through the '/storage/' URL.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
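
With no fixed version listed, one defensive check is to audit what is already sitting in the directory served at '/storage/'. The script below is an added example, not part of the advisory or the Livewire Filemanager project: it lists files that carry a PHP-mapped extension or contain a PHP open tag. It assumes the standard Laravel layout in which `storage/app/public` is linked to `public/storage`; the function names, extension list and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory or the Livewire Filemanager project).
# Lists files under a web-served upload directory that a PHP handler could
# run: a PHP-mapped extension, or a PHP open tag under any other name.
# Output is a triage list: "reason<TAB>path", one line per finding.
audit_public_storage() {
    find "$1" -type f -exec sh -c '
        for f in "$@"; do
            name=$(printf "%s" "${f##*/}" | tr "[:upper:]" "[:lower:]")
            case "$name" in
                *.php|*.php[0-9]|*.phtml|*.phar|*.pht)
                    printf "extension\t%s\n" "$f"
                    continue ;;
            esac
            # Content check: the file name alone says nothing about the bytes.
            if LC_ALL=C grep -q -a -F -e "<?php" -e "<?=" -- "$f"; then
                printf "php-tag\t%s\n" "$f"
            fi
        done' sh {} +
}

# Constructed sample tree (all names and contents are made up for this demo).
demo_audit() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/uploads/nested"
    printf 'plain notes\n'                  > "$root/uploads/notes.txt"
    printf '\211PNG\r\n'                    > "$root/uploads/logo.png"
    printf '<?php echo "sample";\n'         > "$root/uploads/report.PHP"
    printf 'caption <?php echo "sample";\n' > "$root/uploads/nested/avatar.gif"
    (cd "$root" && audit_public_storage . | sort)
    rm -rf "$root"
)

# Usage: sh audit.sh storage/app/public   (assumed standard Laravel layout)
if [ "$#" -gt 0 ]; then
    audit_public_storage "$1"
else
    demo_audit
fi
```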

Related Identifiers

CVE-2025-14894

Affected Products

Laravel
Livewire Filemanager