PT-2025-29947 · Livewire · Livewire

Caleb Porzio · Published 2025-07-17 · Updated 2026-03-22 · CVE-2025-54068

CVSS v3.1: 9.8 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions

Livewire versions 3.0.0-beta.1 through 3.6.3

Description

Livewire, a full-stack framework for Laravel, has a flaw that allows unauthenticated attackers to execute commands remotely in certain situations. This issue arises from how component property updates are processed. Exploitation requires a specifically configured component but does not need user interaction or authentication. Reports indicate active exploitation of this issue, with attackers installing cryptocurrency miners on compromised servers and creating spam pages. The vulnerability does not affect versions prior to Livewire v3.

Recommendations

Upgrade to Livewire version 3.6.4 or later immediately.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-54068
GHSA-29CQ-5W36-X7W3

Affected Products

Livewire