CVE-2025-54068 · CRITICAL 9.8 · CISA KEV · EPSS p99.8%

CVE-2025-54068: Laravel Livewire Code Injection Vulnerability

Laravel / Livewire

Description

Laravel Livewire contains a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 92.03% probability of exploitation · percentile 99.8% · 2026-06-17T12:03:21Z
Published: 2025-07-17
Last modified: 2026-03-20

CISA KEV entry

Added to KEV: 2026-03-20

Underlying weaknesses · 1

CWE-94

References

  1. https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc
  2. https://github.com/livewire/livewire/releases/tag/v3.6.4
  3. https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3
  4. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54068
  5. https://www.threathunter.ai/blog/iranian-threat-actor-tools-techniques-iocs-ioas/

1

Type | Target | Confidence | Tier
Weakness | Improper Control of Generation of Code ('Code Injection') cwe-94 | 0% | live

(incoming) · 1

Type | Target | Confidence | Tier
KEVEntry | Laravel Livewire Code Injection Vulnerability kev-cve-2025-54068 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-14894
CVE: Craft CMS Code Injection Vulnerability
CVE: Laravel Ignition File Upload Vulnerability
CVE: CVE-2025-63888
CVE: CVE-2025-50706
CVE: CVE-2025-55319
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.