Laravel Livewire RCE (CVE-2025-54068)
Description
Laravel Livewire v3 contains a vulnerability in the component hydration and update workflow. When a Livewire component is mounted and configured in specific ways, an attacker can craft a malicious update request that causes unsafe handling of attacker-influenced structured data during hydration. This can lead to unintended object handling / unserialization behavior and ultimately remote command execution in the context of the web server process. Because exploitation can be performed remotely and does not require authentication, successful attacks can result in full compromise of the affected application server.
Remediation
Upgrade to the latest patched version of Livewire