Laravel Livewire Vulnerability Exposes Over 6,000 Apps
ID: 15bf8bf4-464a-540d-b22e-f7d1255cc84d
STIX ID: report--15bf8bf4-464a-540d-b22e-f7d1255cc84d
Feed Name: securityonline.info
Threat Score
A critical unauthenticated RCE in Laravel Livewire (CVE-2025-54068, CVSS 9.8) is being actively exploited to inject PHP objects during hydration, allowing attackers to execute commands, deploy a stealer script (shoc.enz), harvest .env files, database dumps, payment keys and credentials across over 6,000 applications (26M+ emails stolen); patch to Livewire 3.6.4 immediately and rotate exposed credentials.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
