KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

PRO Back to KEVs

9.2

CVSS
Critical

CVE-2025-54068

PUBLISHED

Livewire vulnerable to remote command execution during property update hydration

1 day faster than CISA KEV

Exploited in the wild Remote No user interaction

Vendor: livewire
Product: livewire
Published: Jul 17, 2025
EPSS: 58.9% · 98% pctl

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.

ios cisa nuclei_scanner

Weaknesses (CWE)

CWE-94

Improper Control of Generation of Code ('Code Injection')

CVSS scores

CVSS v4.0 9.2 Critical

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2026-06-01 12:25:49 UTC · CVE

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CVE First	2026-06-01 12:25 UTC
CISA	2026-06-02 14:02 UTC
Daily CyberSecurity	2026-06-11 02:20 UTC

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-54068.yaml	Jun 01, 2026

Recent mentions

PhpSpreadsheet RCE Vulnerability: PoC Exploit Disclosed for 312 Million Users

Daily CyberSecurity · Jun 11, 2026

PhpSpreadsheet is a widely used library written in pure PHP. It offers a robust set of classes to The post PhpSpreadsheet RCE Vulnerability: PoC Exploit Disclosed for 312 Million Users appeared first on Daily CyberSecurity. Related posts: CISA Flags Active Exploits in Erlang/OTP SSH and Roundcube Webmail: Critical RCE and XSS Flaws Under Attack FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available! Critical Livewire RCE (CVE-2025-54068) Threatens Millions of Laravel Apps – Patch Immediately!

Timeline

CVE ID Reserved

2025-07-16 13:22 UTC
CVE Published to Public

2025-07-17 18:16 UTC
Added to KEVIntel

2026-06-01 12:25 UTC
Detected by Nuclei

2026-06-01 15:34 UTC
KEV confirmed by CISA

2026-06-02 14:02 UTC
KEV confirmed by Daily CyberSecurity

2026-06-11 02:20 UTC