CNNVD-202507-2331 Information
CNNVD ID
CNNVD-202507-2331
Related CVE
- CNNVD Published: 2025-07-17
Description (Chinese)
Livewire是Livewire开源的一个 Laravel 的全栈框架,允许您在不离开 PHP 的情况下构建动态 UI 组件。 Livewire 3.6.3及之前版本存在代码注入漏洞,该漏洞源于组件属性更新处理不当,可能导致远程命令执行。
Description (English)
Livewire is a Laravel all-in-house frame for Livewire open sources that allows you to build dynamic UI components without leaving PHP. Livewire 3.6.3 and previous versions contain a code-injecting loophole, which arises from the inappropriate handling of component properties and may lead to remote command execution.
Hazard Level
Low
Vulnerability Type
代码注入
Affected Vendor
Livewire
Published
2025-07-17
Last Modified
2026-02-24
References
https://github.com/livewire/livewire/releases/tag/v3.6.4 https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3 https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc https://nvd.nist.gov/vuln/detail/CVE-2025-54068
Patch
https://github.com/livewire/livewire/releases
Share on: