Polyscope - The agent-first dev environment for Laravel

Blog Tutorials Packages Newsletter Podcasts

Partners Links Your Account

Livewire Security Vulnerability

Published on July 22nd, 2025 by Eric L. Barnes

Livewire Security Vulnerability image

As reported in CVE-2025-54068, anyone running Livewire before 3.6.3 is vulnerable to remote command execution during component property update hydration. Here is how it's explained in the CVE:

In Livewire v3 (≤ 3.6.3), a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction.

According to Securing Laravel, "it's a rather sneaky vulnerability that can be disastrously effective".

This issue has been patched in Livewire v3.6.4, and you should update to this version as soon as possible.

To update, run the following to get the latest version:

composer update livewire/livewire

Then, ensure it's 3.6.4 or higher with the show command:

composer show livewire/livewire

Eric is the creator of Laravel News and has been covering Laravel since 2012.

Threads

Instagram

Github

Filed in:

News

Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

Cube

Laravel Jobs

Explore hundreds of open positions today.

Senior Developer (Laravel/React)

Senior Software Engineer

Full Stack Engineer - Laravel

Design Focused Front-End Developer

Sr. Laravel Developer & Solutions Architect

Acquaint Softtech

Hire Laravel developers with AI expertise at $20/hr. Get started in 48 hours.

Partners

View all →

Get Lucky Now - the ideal choice for Laravel Development, with over a decade of experience!

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

The next generation time-tracking and billing software that helps your agency plan and forecast a profitable future.

Acquaint Softtech offers AI-ready Laravel developers who onboard in 48 hours at $3000/Month with no lengthy sales process and a 100 percent money-back guarantee.

The go-to PHP IDE with extensive out-of-the-box support for Laravel and its ecosystem.

Providing innovation and stability to ensure your web application succeeds.

Easily create and manage your servers and deploy your Laravel applications in seconds.

Access real-time search engine results through a simple API—no more scraping headaches! Use it for AI applications, SEO tools, product research, travel information, and more

Expert code review! Get clear, practical feedback from two Laravel devs with 10+ years of experience helping teams build better apps.

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

SaaSykit is a Multi-tenant Laravel SaaS Starter Kit that comes with all features required to run a modern SaaS. Payments, Beautiful Checkout, Admin Panel, User dashboard, Auth, Ready Components, Stats, Blog, Docs and more.

The latest

View all →

Simple Feature Flags for Laravel with Laravel Toggle image

Simple Feature Flags for Laravel with Laravel Toggle

Manage Laravel Cloud Deployments Inside PhpStorm image

Manage Laravel Cloud Deployments Inside PhpStorm

Piper: Laravel-Style Array and String Helpers for PHP's Pipe Operator image

Piper: Laravel-Style Array and String Helpers for PHP's Pipe Operator

Storage Cache Store in Laravel 13.10.0 image

Storage Cache Store in Laravel 13.10.0

Laravel MongoDB Full-Text Search tutorial: The Art of the Relevancy image

Laravel MongoDB Full-Text Search tutorial: The Art of the Relevancy

Drag-and-Drop Sorting for Eloquent Models with Reorderable for Laravel image

Drag-and-Drop Sorting for Eloquent Models with Reorderable for Laravel