ACCORDING to CISA, the Known Exploited Vulnerabilities (KEV) Catalog currently shows one entry: CVE-2025-54068, described as a Laravel Livewire code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios. The entry lists CWE-94 and notes that it is Unknown whether it has been used in ransomware campaigns. Date Added is 20 March 2026 and the Due Date is 3 April 2026.
The recommended action is to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Additional notes include links to the associated advisories and commits, and a NVD page entry for CVE-2025-54068.