Exposures › CVE-2025-54068
Laravel Livewire allows unauthenticated attackers to execute remote commands via code injection.
This vulnerability enables remote code execution in Laravel Livewire without authentication, posing a severe risk to defense contractors relying on Livewire for secure applications. DIB organizations must immediately patch their dependencies and audit all Livewire-enabled services to prevent unauthorized command execution.
Shame score — An unauthenticated RCE in a widely used framework component is a critical failure that undermines trust in the software supply chain.
Laravel Livewire contain a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.
No correlated FedRAMP products.