PT-2026-3246 · Unknown+1 · Livewire Filemanager+1

Published: 2026-01-16 · Updated: 2026-03-06 · CVE-2025-14894

CVSS v2.0: 10 (Critical)
AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Livewire Filemanager (affected versions not specified)

Description

Livewire Filemanager, commonly used in Laravel applications, contains a flaw in LivewireFilemanagerComponent.php where it does not perform adequate file type and MIME validation. This allows for the upload of malicious PHP files. If Laravel storage linking is enabled, these files can be executed via the /storage/ URL, leading to Remote Code Execution (RCE) as the web-server user. Successful exploitation can result in full server compromise and potential lateral movement within the infrastructure. The issue affects Laravel web applications globally.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
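
With no fixed version known, one defensive check is to audit the directory that the storage link exposes under /storage/ (storage/app/public in a default Laravel layout) for files that the web server could run as PHP. The script below is an added example, not code from Livewire Filemanager or from this advisory; the extension list, function names and sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Extensions commonly mapped to the PHP handler (assumption: match your web server config).
PHP_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
PHP_TAGS = (b"<?php", b"<?=")

def classify(path):
    """Return why a file could run as PHP, or None if nothing stands out."""
    exts = path.name.lower().split(".")[1:]
    if exts and exts[-1] in PHP_EXTS:
        return "php-extension"
    if any(e in PHP_EXTS for e in exts):
        return "double-extension"  # e.g. name.php.png, executed under some handler configs
    with path.open("rb") as fh:
        head = fh.read(65536).lower()  # sniff only the first 64 KiB
    if any(tag in head for tag in PHP_TAGS):
        return "php-tag-in-content"
    return None

def audit_public_storage(root):
    """Walk root (e.g. storage/app/public) and return sorted (relative path, reason) pairs."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if path.is_file():
            reason = classify(path)
            if reason:
                findings.append((path.relative_to(root).as_posix(), reason))
    return sorted(findings)

def build_sample_tree(root):
    """Write constructed, harmless sample uploads under root for the demonstration."""
    samples = {
        "photos/cat.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes",
        "photos/avatar.php": b"<?php echo 'constructed'; ?>",
        "photos/banner.php.png": b"\x89PNG constructed",
        "docs/notes.txt.bak": b"<?= 'constructed' ?>",
    }
    for rel, data in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in audit_public_storage(tmp):
            print(f"{reason:20} {rel}")
```

A "php-tag-in-content" finding on a file with a non-PHP extension is a prompt for review rather than proof of execution, since it only runs if the server maps that file to the PHP handler.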

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2026-00912
CVE-2025-14894
GHSA-9G95-48C6-R778

Affected Products

Laravel
Livewire Filemanager