CVE-2025-14894

CRITICAL

livewire-filemanager/filemanager < 1.0.0 - Unauthenticated Remote Code Execution via Unrestricted File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-14894. PoCs published by HelgeSverre.

AI-analyzed exploit summary: This repository contains a functional honeypot designed to capture and analyze exploit attempts targeting CVE-2025-14894, a critical RCE vulnerability in Livewire's file upload functionality. It includes a FastAPI-based web server, ASGI middleware for request logging, and a sandboxed Docker environment for payload analysis.

Description

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type or MIME validation on uploads. This allows RCE through upload of a malicious PHP file, which can then be executed via the /storage/ URL if a commonly performed setup process within Laravel applications has been completed.

Exploits (1)

GitHub · Working PoC · 1 star
by HelgeSverre · python · poc
https://github.com/HelgeSverre/livewire-honeypot

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Livewire (Laravel Livewire) < 2.12.7 and < 3.5.2
No auth needed
Prerequisites: Docker for sandbox analysis · Python 3.11+ · uv for dependency management
devstral-2 · analyzed May 01, 2026

Scores

CVSS v3 9.8
EPSS 0.0057
EPSS Percentile 42.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-434
Status published
Products (2)
livewire-filemanager/filemanager < 1.0.0
livewire-filemanager/filemanager 0 (Packagist)
Published Jan 16, 2026
Tracked Since Feb 18, 2026