COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-54068

CVE-2025-54068

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-03-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-54068
⚡ RCE ⌖ exploited in the wild shame 85/100 rceexploited-in-wildsupply-chain

Laravel Livewire allows unauthenticated attackers to execute remote commands via code injection.

This vulnerability enables remote code execution in Laravel Livewire without authentication, posing a severe risk to defense contractors relying on Livewire for secure applications. DIB organizations must immediately patch their dependencies and audit all Livewire-enabled services to prevent unauthorized command execution.

Shame score — An unauthenticated RCE in a widely used framework component is a critical failure that undermines trust in the software supply chain.

Players implicated

Laravel · vendorLivewire · product

Description

Laravel Livewire contain a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.