4,000 emails/month for free | Mailtrap sends real emails now!

Blog Tutorials Packages Newsletter Podcasts

Partners Links Your Account

Livewire Security Vulnerability

Published on July 22nd, 2025 by Eric L. Barnes

Livewire Security Vulnerability image

As reported in CVE-2025-54068, anyone running Livewire before 3.6.3 is vulnerable to remote command execution during component property update hydration. Here is how it's explained in the CVE:

In Livewire v3 (≤ 3.6.3), a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction.

According to Securing Laravel, "it's a rather sneaky vulnerability that can be disastrously effective".

This issue has been patched in Livewire v3.6.4, and you should update to this version as soon as possible.

To update, run the following to get the latest version:

composer update livewire/livewire

Then, ensure it's 3.6.4 or higher with the show command:

composer show livewire/livewire

Eric is the creator of Laravel News and has been covering Laravel since 2012.

Threads

Instagram

Github

Filed in:

News

Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

Cube

Laravel Jobs

Explore hundreds of open positions today.

Senior Full Stack Laravel Developer

PHP Developer (Latin America, German, French, Spanish speakers)

Solutions Architect

PHP Developer (French or German speakers)

Full Stack Developer

Laravel Code Review

Get expert guidance in a few days with a Laravel code review

Partners

View all →

World class Laravel experts with GenAI dev skills. LATAM-based, embedded engineers that ship fast, communicate clearly, and elevate your product. No bloat, no BS.

Supercharge your project with a seasoned Laravel developer with 4-6 years of experience for just $3200/month. Get 160 hours of dedicated expertise & a risk-free 15-day trial. Schedule a call now!

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

CodeRabbit is an AI-powered code review tool that specializes in PHP and Laravel, running PHPStan and offering automated PR analysis, security checks, and custom review features while remaining free for open-source projects.

Expert code review! Get clear, practical feedback from two Laravel devs with 10+ years of experience helping teams build better apps.

Providing innovation and stability to ensure your web application succeeds.

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

The next generation time-tracking and billing software that helps your agency plan and forecast a profitable future.

Get Lucky Now - the ideal choice for Laravel Development, with over a decade of experience!

E-Commerce for Laravel. An open-source package that brings the power of modern headless e-commerce functionality to Laravel.

SaaSykit is a Multi-tenant Laravel SaaS Starter Kit that comes with all features required to run a modern SaaS. Payments, Beautiful Checkout, Admin Panel, User dashboard, Auth, Ready Components, Stats, Blog, Docs and more.

The latest

View all →

Laravel 12.44 Adds HTTP Client afterResponse() Callbacks image

Laravel 12.44 Adds HTTP Client afterResponse() Callbacks

Handle Nested Data Structures in PHP with the Data Block Package image

Handle Nested Data Structures in PHP with the Data Block Package

Detect and Clean Up Unchanged Vendor Files with Laravel Vendor Cleanup image

Detect and Clean Up Unchanged Vendor Files with Laravel Vendor Cleanup

Seamless PropelAuth Integration in Laravel with Earhart image

Seamless PropelAuth Integration in Laravel with Earhart

Laravel API Route image

Laravel API Route

Laravel News 2025 Recap image

Laravel News 2025 Recap