Is livewire/livewire affected by CVE-2025-54068?

Packagist livewire/livewire is affected in >=3.0.0-beta.1 <3.6.4.

Is CVE-2025-54068 being exploited?

Yes — it is on the CISA Known Exploited Vulnerabilities (KEV) list.

critical exploited in the wild

CVE-2025-54068

Q: Is CVE-2025-54068 being exploited?

Yes — it is on the CISA Known Exploited Vulnerabilities (KEV) list.

Packagist · livewire/livewire

Summary

Livewire is vulnerable to remote command execution during component property update hydration

Severity: critical
EPSS: 92.0% (p100)
Also known as: GHSA-29cq-5w36-x7w3
Published: 2025-07-17

References

https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3
https://nvd.nist.gov/vuln/detail/CVE-2025-54068
https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc

Related advisories

CVE-2024-47823 — high · Packagist/livewire/livewire
GHSA-qwvp-268g-jjm8 — medium · Packagist/livewire/livewire

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.