Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Livewire Remote Command Execution Vulnerability
Vulnerability
A remote command execution vulnerability exists in Livewire, a full-stack framework for Laravel, specifically in versions starting with 3.0.0-beta.1 and prior to 3.6.3. It allows unauthenticated attackers to execute commands remotely under certain conditions. The issue arises from the way certain component property updates are processed, which makes exploitation possible without authentication or user interaction. The vulnerability is exclusive to Livewire version 3 and does not impact earlier major releases.
Impact
Exploitation of this vulnerability allows for remote command execution on the server where the affected Livewire component is running.
Remediation
Users are strongly advised to upgrade to Livewire version 3.6.4 or later. Instructions for upgrading can be found in the Livewire GitHub repository.
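One way to check a deployment against the remediation above, as an added example (not code from Livewire or from this advisory): the script reads a Composer lock file and classifies the installed livewire/livewire release. The function names and the sample lock file are assumptions constructed for illustration.

```python
import json
import re

FIXED = (3, 6, 4)  # remediation target stated in the advisory

# Constructed sample lock file (not taken from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v11.9.2"},
        {"name": "livewire/livewire", "version": "v3.5.12"},
    ],
    "packages-dev": [],
})

def parse_version(raw):
    """Return ((major, minor, patch), is_prerelease), or None for dev branches."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?", raw.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4) is not None

def classify(raw):
    """Map a version string to not-affected / patched / upgrade / unknown."""
    parsed = parse_version(raw)
    if parsed is None:
        return "unknown"          # e.g. "dev-main": resolve the commit by hand
    triple, prerelease = parsed
    if triple[0] < 3:
        return "not-affected"     # the advisory limits the issue to version 3
    # The remediation is 3.6.4 or later, so every 3.x build below that is
    # flagged; a pre-release of 3.6.4 sorts before the final release.
    if triple > FIXED or (triple == FIXED and not prerelease):
        return "patched"
    return "upgrade"

def check_lockfile(lock_text):
    """Find livewire/livewire in composer.lock text and classify it."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == "livewire/livewire":
                version = pkg.get("version", "")
                return version, classify(version)
    return None, "not-installed"

if __name__ == "__main__":
    print(check_lockfile(SAMPLE_LOCK))
```

To use it on a real project, pass the contents of that project's composer.lock to check_lockfile instead of the sample.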
