Description

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.

INFO

Published Date :

2025-07-17T18:16:56.099Z

Last Modified :

2026-03-23T13:04:50.156Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54068 vulnerability.

Vendors Products
Laravel
  • Livewire
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54068.

URL Resource
https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc cve-icon cve-icon
https://github.com/livewire/livewire/releases/tag/v3.6.4 cve-icon cve-icon
https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3 cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54068 cve-icon cve-icon
https://www.threathunter.ai/blog/iranian-threat-actor-tools-techniques-iocs-ioas/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact