The article discusses a critical vulnerability in Laravel Livewire, identified as CVE-2025-54068, which allows unauthenticated remote code execution and has been actively exploited in the wild. The vulnerability affects Livewire versions from 3.0.0-beta.1 to 3.6.3 and poses a significant risk, with attackers targeting various sectors, including e-commerce and healthcare. Over 6,000 applications have been compromised, leading to the theft of sensitive data such as database credentials and payment tokens.
Organizations should update Livewire to version 3.6.4 or later to mitigate this risk. The threat actors are linked to an Indonesian group, and the campaign has resulted in data breaches on a large scale.
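To find deployments that still need the update, the affected range stated above can be checked against each project's `composer.lock`. The following is an added example, not code from the article or from the Livewire project; it assumes the Composer package name `livewire/livewire` and uses a constructed sample lock file.

```python
import json
import re

# Bounds come from the text above; the Composer package name is an assumption.
PACKAGE = "livewire/livewire"
FIRST_AFFECTED, FIRST_FIXED = "3.0.0-beta.1", "3.6.4"
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?$")

def version_key(text):
    """Sortable key with semver ordering: a pre-release sorts before its release."""
    m = _VERSION.match(text.strip())
    if not m:
        return None  # e.g. "dev-main": a branch alias cannot be ordered
    core = tuple(int(p) for p in m.group(1, 2, 3))
    if m.group(4) is None:
        return core + ((1,),)  # final release ranks above any pre-release
    # Numeric identifiers compare as numbers and rank below alphanumeric ones.
    pre = tuple((0, int(p), "") if p.isdigit() else (1, 0, p.lower())
                for p in m.group(4).split("."))
    return core + ((0,) + pre,)

def classify(version):
    """Return 'affected', 'outside-range' or 'unknown' for one version string."""
    key = version_key(version)
    if key is None:
        return "unknown"  # needs manual review
    if version_key(FIRST_AFFECTED) <= key < version_key(FIRST_FIXED):
        return "affected"
    return "outside-range"

def scan_lock(lock_text):
    """Return (version, verdict) for each Livewire entry in a composer.lock."""
    lock = json.loads(lock_text)
    hits = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == PACKAGE:
                version = pkg.get("version", "")
                hits.append((version, classify(version)))
    return hits

# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "laravel/framework", "version": "v11.9.2"},
                 {"name": "livewire/livewire", "version": "v3.6.3"}],
    "packages-dev": [],
})

if __name__ == "__main__":
    for version, verdict in scan_lock(SAMPLE_LOCK):
        print(version, verdict)
```

A verdict of `unknown` (for example a `dev-*` branch alias) means the installed commit has to be checked by hand.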