ГлавнаяУязвимости → CVE-2025-14894
9.8критическая

CVE-2025-14894

→ есть в БДУ: BDU:2026-00912 (на русском)
Описание (на английском; русское — в БДУ выше)

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup process within Laravel applications has been completed.

Затрагиваемое ПО
Livewire-filemanager Filemanager
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/livewire-filemanager/filemanagerhttps://hackingbydoing.wixsite.com/hackingbydoing/post/unauthenticated-rce-in-livewire-filemanagerhttps://www.kb.cert.org/vuls/id/650657