martinbean's avatar

Livewire 3 vulnerability found. Update now!

A vulnerability has been discovered that affects Livewire 3 versions up to and including 3.6.3 (https://nvd.nist.gov/vuln/detail/CVE-2025-54068). If you’re running a vulnerable version, you’re advised to upgrade immediately. This includes if you’re using a package (such as Filament) that relies on affected versions.

Snapey's avatar

Maybe there needs to be better comms around such issues since reports of this are only just surfacing, but the issue was reported and fixed in July 2025.

jlrdw's avatar

Just a side note on updating latest versions. When I worked for the State of Texas, generally programs (stacks) would normally be delayed for around a year. Ensuring of course the current version was safe.

Meaning when a newer version comes out, it's generally not a good idea to use it right away; rather, wait for at least 2 to 4 months for bug catching. Especially for critical data.

But just a suggestion.

These hackers are getting more sophisticated all the time and will find holes in code. It's getting harder to keep up with patches these days.

Almost time to return to the old using pencil and paper days, which I call the good old days.

farishrf's avatar

Just a heads up - we’ve already been seeing this actively exploited. Automated scripts compromise the server and then deploy crypto miners.

aurawindsurfing's avatar

Yes, it is being exploited. Just run `composer audit` to check if you need to update.
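To check several projects without running Composer in each one, the lock file can be inspected directly. This is an added example, not part of the thread or of Livewire's tooling: it flags the range stated in the first post (Livewire 3 up to and including 3.6.3) and lists installed packages that require Livewire. The sample lock file and the function names are constructed for illustration.

```python
import json
import re
import sys

# Affected range as stated in the thread: Livewire 3, up to and including 3.6.3.
LAST_AFFECTED = (3, 6, 3)

# Constructed sample of a composer.lock (trimmed to the fields the check reads).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "livewire/livewire", "version": "v3.6.3", "require": {"php": "^8.1"}},
        {"name": "filament/filament", "version": "v3.3.0",
         "require": {"livewire/livewire": "^3.5"}},
        {"name": "laravel/framework", "version": "v11.0.0", "require": {"php": "^8.2"}},
    ],
    "packages-dev": [],
})

def parse_version(raw):
    """Turn 'v3.6.3' or '3.0.0-beta.1' into (3, 6, 3); None for dev branches."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", raw.strip())
    return tuple(int(part) for part in m.groups()) if m else None

def check_lock(lock_text):
    """Return (status, installed_version, packages_requiring_livewire)."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    livewire = next((p for p in packages if p.get("name") == "livewire/livewire"), None)
    if livewire is None:
        return ("not-installed", None, [])
    # Packages (Filament, for example) that pull Livewire in as a dependency.
    dependents = sorted(p["name"] for p in packages
                        if "livewire/livewire" in (p.get("require") or {}))
    raw = livewire.get("version", "")
    version = parse_version(raw)
    if version is None:
        return ("unknown", raw, dependents)  # e.g. dev-main: needs a manual look
    if version[0] == 3 and version <= LAST_AFFECTED:
        return ("affected", raw, dependents)
    return ("not-in-stated-range", raw, dependents)

if __name__ == "__main__":
    # Usage: python check_livewire.py path/to/composer.lock [more lock files...]
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            print(path, *check_lock(fh.read()))
```

A result of `unknown` (a dev branch or unparsable version) should be treated as needing a manual check, not as clear.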
