Browse all 3 CVE security advisories affecting livewire. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Livewire serves as a full-stack framework for building dynamic web applications using Laravel, enabling real-time features without writing JavaScript. Historically, it has been susceptible to remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities, often stemming from improper input validation and insecure direct object references. The framework's server-side rendering approach introduces unique attack vectors, with past incidents including RCE through component manipulation and XSS via unescaped output. While no major public breaches have been widely documented, the three CVEs highlight persistent security concerns around user input handling and access control, requiring developers to implement strict validation and sanitization practices when implementing Livewire in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54068 | Livewire vulnerable to remote command execution during property update hydration — livewireCWE-94 | 9.8AI | CriticalAI | 2025-07-17 |
| CVE-2025-27517 | Volt Allows RCE Via User-Crafted Requests — voltCWE-20 | 9.8 | - | 2025-03-05 |
| CVE-2024-47823 | Livewire Remote Code Execution (RCE) on File Uploads — livewireCWE-20 | 9.8AI | CriticalAI | 2024-10-08 |
This page lists every published CVE security advisory associated with livewire. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.