Livewire Filemanager Vulnerability Enables RCE in Web Applications

Livewire Filemanager Vulnerability Enables RCE in Web Applications

First seen 19 Jan 2026, 18:31 UTC RedhotcyberCybersecuritynewsCyberpress 78% similarity 53.0

Article Content

Browse articles
ThreatCluster

A critical vulnerability in Livewire Filemanager, tracked as CVE-2025-14894, allows unauthenticated remote code execution (RCE) on affected Laravel web applications. This flaw arises from improper file validation in the LivewireFilemanagerComponent.php component, putting numerous servers at risk. The vulnerability has been assigned CERT vulnerability note VU#650657.

ThreatCluster AI

Community

Browse all →