Description

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup process within Laravel applications has been completed.

INFO

Published Date :

2026-01-16T12:43:14.264Z

Last Modified :

2026-01-16T21:44:06.442Z

Source :

certcc
AFFECTED PRODUCTS

The following products are affected by CVE-2025-14894 vulnerability.

Vendors Products
Bee Interactive
  • Livewire Filemanager
Livewire-filemanager
  • Filemanager
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-14894.

URL Resource
https://github.com/livewire-filemanager/filemanager cve-icon cve-icon
https://hackingbydoing.wixsite.com/hackingbydoing/post/unauthenticated-rce-in-livewire-filemanager cve-icon cve-icon
https://www.kb.cert.org/vuls/id/650657 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact