# Critical Vulnerability in Laravel Livewire Leads to Massive Credential Theft

*Published July 17, 2026*
*Source: [https://threats.wiz.io/all-incidents/cve-2025-54068-exploited-in-large-scale-laravel-livewire-credential-theft-campaign](https://threats.wiz.io/all-incidents/cve-2025-54068-exploited-in-large-scale-laravel-livewire-credential-theft-campaign)*

## Executive Summary

A critical vulnerability in Laravel Livewire version 3, known as CVE-2025-54068, has been exploited in a large-scale credential theft campaign. The breach has affected over 6,167 applications, with credentials actively used by attackers, highlighting the need for immediate security measures.

## Article

A significant security breach has been identified involving CVE-2025-54068, a critical remote code execution vulnerability in Laravel Livewire version 3. Threat actors exploited this flaw to deploy PHP deserialization attacks, effectively running a Bash-based script designed to steal credentials and application secrets from compromised servers. This campaign has been extensive, with stolen credentials traced to over 6,167 applications, including production database credentials, cloud service credentials, API keys, and more than 1,850 database dumps. The scale and impact of this breach are substantial, as these credentials have been actively used by attackers post-compromise.

Analysis of the infrastructure used in these attacks indicates a high likelihood of involvement by a threat actor originating from Indonesia. The attackers' activities underline the critical need for maintaining up-to-date security patches and monitoring systems for unusual activity to prevent such vulnerabilities from being exploited. Organizations using Laravel Livewire must urgently assess their systems for signs of compromise and take immediate steps to secure their applications and data.

As security teams respond to this incident, the focus should be on identifying compromised credentials and re-securing affected systems. This involves not only addressing the immediate threat but also enhancing overall security posture to prevent future incidents. Monitoring and responding to potential threats in real-time can mitigate the risks posed by vulnerabilities like CVE-2025-54068.
