CISA has added CVE-2025-54068 to its Known Exploited Vulnerabilities (KEV) catalogue. The flaw affects Livewire, the full-stack framework for Laravel, and is listed as the “Laravel Livewire Code Injection Vulnerability”. Under certain conditions it permits unauthenticated attackers to achieve remote command execution.
The vulnerability is a code‑injection flaw that can be triggered through crafted input to Livewire’s server‑side rendering pipeline. It is rated 9.2 (CRITICAL) on the CVSS v3.1 scale. Successful exploitation allows an attacker to execute arbitrary commands on the host running the vulnerable Livewire application, potentially leading to full system compromise. A vendor‑provided patch is already available and the advisory is published on GitHub.
Active exploitation of CVE‑2025‑54068 has been confirmed, which is why it appears in the KEV list. No ransomware campaigns have been linked to this exploit at present. CISA has set a remediation deadline of 3 April 2026, giving federal agencies just under two weeks to address the issue.
CISA’s required action is to “apply mitigations per vendor instructions, follow applicable BOD 22‑01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable”. The directive applies directly to Federal Civilian Executive Branch (FCEB) agencies, but all organisations using Laravel Livewire should verify whether they are affected and apply the available patch without delay.
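The first step in "verify whether they are affected" is knowing which Livewire release is actually locked into each deployment. The script below is an added example, not code from CISA, Laravel or the Livewire project: it reads a composer.lock file, finds the locked `livewire/livewire` version and compares it against the first patched release on that major branch. The embedded composer.lock and the entries in `FIXED_BY_MAJOR` are constructed placeholders; the real fixed versions come from the vendor advisory on GitHub and must be substituted before the result means anything.

```python
import json
import re

# Constructed composer.lock excerpt for demonstration; it is not from a real
# project, and the version numbers are invented placeholders rather than the
# actual affected or fixed Livewire releases for CVE-2025-54068.
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v11.0.0"},
        {"name": "livewire/livewire", "version": "v3.4.0"},
    ],
    "packages-dev": [
        {"name": "phpunit/phpunit", "version": "10.5.0"},
    ],
})

LIVEWIRE = "livewire/livewire"

# Placeholder for the first patched release on each supported major branch.
# Replace with the versions named in the vendor advisory; the number here is
# an assumption for the example, not real data.
FIXED_BY_MAJOR = {3: "3.5.0"}


def parse_version(text):
    """Parse 'v3.4.0' or '3.4.0-beta.1' into (major, minor, patch); return
    None for branch aliases such as 'dev-main' that cannot be compared."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None


def installed_version(lock_text, package):
    """Return the locked version string of `package`, searching both the
    production and dev sections of composer.lock, or None if absent."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == package:
                return pkg.get("version")
    return None


def assess(lock_text, package, fixed_by_major):
    """Classify the locked version of `package` against per-branch fix versions.

    Returns one of:
      'not-installed'  - package is not in the lock file
      'unparseable'    - version is a branch alias; inspect manually
      'unknown-branch' - major version has no known fix; treat as unpatched
      'vulnerable'     - older than the first fixed release on its branch
      'patched'        - at or above the fixed release
    """
    raw = installed_version(lock_text, package)
    if raw is None:
        return "not-installed"
    ver = parse_version(raw)
    if ver is None:
        return "unparseable"
    fixed = fixed_by_major.get(ver[0])
    if fixed is None:
        return "unknown-branch"
    return "patched" if ver >= parse_version(fixed) else "vulnerable"


if __name__ == "__main__":
    import sys
    # Pass a path to a real composer.lock; without one the constructed sample runs.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE_COMPOSER_LOCK
    print(f"{LIVEWIRE}: {assess(text, LIVEWIRE, FIXED_BY_MAJOR)}")
```

Run it against each deployed application's composer.lock rather than composer.json, since the lock file records what is actually installed. Pre-release suffixes are ignored by `parse_version`, so a pre-release of the fixed version is reported as patched and a `dev-*` alias is flagged for manual inspection; anything reported as `unknown-branch` should be treated as unpatched until the advisory says otherwise.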
For full technical details and remediation guidance see the NVD entry for CVE‑2025‑54068 and the CISA KEV catalogue.