Skip to main content

Livewire

4 CVEs product

Monthly

CVE-2025-54068 PHP CRITICAL POC KEV PATCH THREAT Act Now

Laravel Livewire v3 through v3.6.3 contains a critical remote code execution vulnerability (CVE-2025-54068, CVSS 9.8) that allows unauthenticated attackers to execute commands through improper hydration of component property updates. KEV-listed with EPSS 16%, this vulnerability affects one of the most popular PHP frameworks, potentially compromising thousands of Laravel applications using Livewire for reactive server-side rendering.

Laravel PHP RCE Code Injection Livewire
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
16.0%
Threat
5.4
CVE-2024-47823 PHP HIGH POC PATCH This Week

Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP Livewire
NVD GitHub
CVSS 4.0
7.7
EPSS
0.8%
CVE-2024-21504 PHP MEDIUM POC PATCH This Month

Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Livewire
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-22859 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE CSRF Livewire
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
EPSS 16% 5.4 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Laravel Livewire v3 through v3.6.3 contains a critical remote code execution vulnerability (CVE-2025-54068, CVSS 9.8) that allows unauthenticated attackers to execute commands through improper hydration of component property updates. KEV-listed with EPSS 16%, this vulnerability affects one of the most popular PHP frameworks, potentially compromising thousands of Laravel applications using Livewire for reactive server-side rendering.

Laravel PHP RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 7.7
HIGH POC PATCH This Week

Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP Livewire
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Livewire
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE CSRF Livewire
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy