CVE-2025-54068

actively exploited

severity analysis detection code search

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available.

7.5

cvss high

common vulnerability scoring system v3.1. measures intrinsic severity on a 0-10 scale.

epss 0.4885

exploitation prediction scoring system. probability this vulnerability will be exploited in the wild in the next 30 days.

kev yes

cisa known exploited vulnerabilities catalog. confirmed active exploitation. rdintel-analysisseverity and description assessed by rdintel before official nvd publication.

CVSS 4.0 Common Vulnerability Scoring System v4.0

9.2 / 10

CRITICAL

exploitability

Attack Vector

Network

Attack Vector (AV:N): exploitable remotely over the network — most dangerous. no physical or adjacent access needed.

Attack Complexity

High

Attack Complexity (AC:H): exploitation requires specific conditions outside the attacker's control (race condition, non-default config, etc).

Attack Requirements

None

Attack Requirements (AT:N): no special deployment or execution conditions needed.

Privileges Required

None

Privileges Required (PR:N): no authentication needed. any anonymous attacker can exploit this.

User Interaction

None

User Interaction (UI:N): no victim action needed. fully exploitable without user interaction.

vulnerable system impact

Vuln Confidentiality

High

Confidentiality (VC:H): total information disclosure. attacker gains access to all data within the component.

Vuln Integrity

High

Integrity (VI:H): complete data modification possible. attacker can modify any data.

Vuln Availability

High

Availability (VA:H): total denial of service. attacker can fully shut down the resource.

subsequent system impact

Sub Confidentiality

None

Subsequent Confidentiality: impact on data confidentiality of downstream/connected systems. Value: N (None)

Sub Integrity

None

Subsequent Integrity: impact on data integrity of downstream/connected systems. Value: N (None)

Sub Availability

None

Subsequent Availability: impact on service availability of downstream/connected systems. Value: N (None)

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

exploitation detection attribution advisories media timeline

activity density

rdintel assessment

actively exploited. patch immediately.

detection rules available.

composite score from 15+ signals including exploitation status, epss probability, detection coverage, and community attention. 0-100 scale.

exploitation

actively exploited

Vendor - Product Name

Apply vendor-provided patches

poc repositories (3)

researcher/exploit-poc - 42 stars - Python

security-lab/cve-checker - 18 stars - Go

detection

nuclei-template-id - critical - by projectdiscovery

sigma-rule-title - high - windows

timeline

2024-01-15 - published - CVE record created

2024-01-18 - poc - First exploit code published

2024-01-20 - kev - Added to known exploited

pocs, detection rules, timeline, advisories, and more