← Kembali ke database
CVE-2025-54068 Tinggi Sudah Ditambal

Livewire Unsafe Property Hydration

Unauthenticated component update allows unsafe hydration leading to RCE.

Versi Terdampak
livewire/livewire >=3.0, <3.6.4
Ditemukan
June 1, 2025
Malicious snapshot sent to `/livewire/update` can invoke dangerous code paths in vulnerable versions.

Proof of Concept

terminal — bash 
POST /livewire/update with crafted component payload