CVE-2025-54068

9.8 CRITICAL

📋 TL;DR

This vulnerability in Livewire v3 allows unauthenticated attackers to execute arbitrary commands remotely on affected systems. The issue occurs when specific component property updates are improperly handled during hydration. All Livewire v3 installations up to version 3.6.3 are affected, regardless of authentication requirements.

💻 Affected Systems

Products:
  • Livewire
Versions: v3.0.0 through v3.6.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a component to be mounted and configured in a specific way, but this is common in Livewire applications.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with full remote code execution, allowing attackers to install malware, exfiltrate data, or pivot to other systems.

🟠

Likely Case

Remote command execution leading to web server compromise, data theft, and potential lateral movement within the network.

🟢

If Mitigated

Limited impact if system is isolated, has strict network controls, and minimal sensitive data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires specific component configurations but no authentication or user interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.6.4

Vendor Advisory: https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3

Restart Required: Yes

Instructions:

1. Update composer.json to require `"livewire/livewire": "^3.6.4"`.
2. Run `composer update livewire/livewire`.
3. Clear the Laravel cache with `php artisan cache:clear`.
4. Restart the web server.

🧯 If You Can't Patch

  • Isolate affected systems from internet access
  • Implement strict network segmentation and monitoring

🔍 How to Verify

Check if Vulnerable:

Check composer.lock for 'livewire/livewire' version. If version is between 3.0.0 and 3.6.3 inclusive, system is vulnerable.

Check Version:

composer show livewire/livewire | grep versions

Verify Fix Applied:

Verify composer.lock shows 'livewire/livewire' version 3.6.4 or higher.
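An added example, not part of this advisory or the Livewire project, that applies the composer.lock check above: it reads the lock file, finds `livewire/livewire`, and classifies the installed version against the affected range (v3.0.0 through v3.6.3, fixed in v3.6.4). The sample lock content is constructed.

```python
import json
import re

# Range stated in the advisory: v3.0.0 through v3.6.3 affected; v3.6.4 fixed.
FIRST_VULNERABLE = (3, 0, 0)
FIRST_FIXED = (3, 6, 4)


def parse_version(version):
    """Turn a composer version string such as 'v3.6.3' into (major, minor, patch).
    Returns None for non-release versions (e.g. 'dev-main'), which cannot be classified."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def livewire_status(lock_text):
    """Classify the livewire/livewire entry in composer.lock content.
    Returns 'vulnerable', 'patched', 'outside-advisory-range', 'unknown' or 'not-installed'."""
    lock = json.loads(lock_text)
    # The package may appear under "packages" or "packages-dev".
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") != "livewire/livewire":
                continue
            v = parse_version(pkg.get("version", ""))
            if v is None:
                return "unknown"
            if FIRST_VULNERABLE <= v < FIRST_FIXED:
                return "vulnerable"
            if v >= FIRST_FIXED:
                return "patched"
            return "outside-advisory-range"  # e.g. a v2 release, not covered here
    return "not-installed"


def lock_with_livewire(version):
    """Constructed minimal composer.lock content pinning livewire/livewire to `version`."""
    return json.dumps({
        "packages": [
            {"name": "laravel/framework", "version": "v11.0.0"},
            {"name": "livewire/livewire", "version": version},
        ],
        "packages-dev": [],
    })


if __name__ == "__main__":
    with open("composer.lock") as f:
        print(livewire_status(f.read()))
```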

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to Livewire endpoints
  • Suspicious command execution in web server logs
  • Abnormal process creation from web server user

Network Indicators:

  • Unusual outbound connections from web server
  • Traffic patterns suggesting data exfiltration

SIEM Query:

source='web_logs' AND (uri CONTAINS '/livewire/' OR uri CONTAINS '/livewire/message/') AND status_code=200 AND size_bytes>10000

🔗 References
