Protect.Computer

CISA flags 5 actively exploited flaws in Apple, Craft CMS, and Laravel Livewire


What happened

CISA added five vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog on March 20, 2026, confirming active exploitation in the wild:

  1. CVE-2025-31277 (Apple multiple products, buffer overflow)
  2. CVE-2025-32432 (Craft CMS, code injection)
  3. CVE-2025-43510 (Apple multiple products, improper locking)
  4. CVE-2025-43520 (Apple multiple products, classic buffer overflow)
  5. CVE-2025-54068 (Laravel Livewire, code injection)

The highest immediate business risk in this group is for internet-exposed web stacks running vulnerable Craft CMS or Laravel Livewire versions because both issues can enable remote code execution paths.

Why this matters

A KEV listing means defenders should treat patching as an incident-response priority rather than routine maintenance.

  • Attackers are already using these bugs, not just discussing them.
  • Public-facing CMS/framework instances are likely first targets for mass scanning.
  • Apple ecosystem flaws can still impact user endpoints, especially unmanaged devices.

What to do right now

  1. Patch vulnerable Craft CMS and Livewire installations first.
  2. Prioritize internet-facing systems and admin panels in emergency patch windows.
  3. Update Apple devices and browsers to fixed builds.
  4. Add temporary compensating controls (WAF rules, access restrictions) while patching.
  5. Hunt logs for suspicious requests against CMS transform/upload and Livewire component endpoints.
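The log hunt in step 5 can be scripted. The following is an added example, not code from Protect.Computer, CISA or either project: it parses Combined Log Format access-log lines, keeps only requests that touch Livewire component-update or Craft asset-transform endpoints, and aggregates per source address. The endpoint patterns (`/livewire/update`, `actions/assets/generate-transform`) are assumed here and should be confirmed against your own application's routing; the log lines are constructed for the demonstration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# ASSUMED endpoint patterns: Livewire v3 component updates and the Craft
# asset-transform controller action. Verify against your deployment's routes.
WATCHED_ENDPOINTS = {
    "livewire-update": re.compile(r"^/livewire/update"),
    "craft-transform": re.compile(r"actions/assets/generate-transform"),
}

# Apache/nginx Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


@dataclass
class SourceStats:
    hits: int = 0                      # requests to watched endpoints
    errors: int = 0                    # 4xx/5xx responses on those requests
    endpoints: set = field(default_factory=set)
    user_agents: set = field(default_factory=set)


def parse_line(line: str):
    """Return the log fields as a dict, or None if the line is not CLF."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify_path(path: str):
    """Label a request path if it matches a watched endpoint, else None."""
    for label, pattern in WATCHED_ENDPOINTS.items():
        if pattern.search(path):
            return label
    return None


def hunt(log_lines, burst_threshold: int = 5):
    """Aggregate watched-endpoint traffic per source IP and return the
    sources that warrant review: a burst of hits, or any error responses
    (repeated 4xx/5xx on these endpoints is typical of automated probing)."""
    stats = defaultdict(SourceStats)
    for line in log_lines:
        rec = parse_line(line)
        if rec is None:
            continue
        label = classify_path(rec["path"])
        if label is None:
            continue
        s = stats[rec["ip"]]
        s.hits += 1
        s.endpoints.add(label)
        s.user_agents.add(rec["ua"])
        if int(rec["status"]) >= 400:
            s.errors += 1
    return {ip: s for ip, s in stats.items()
            if s.hits >= burst_threshold or s.errors > 0}


# Constructed sample log: one legitimate user, one noisy prober, one bystander.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Mar/2026:10:00:01 +0000] "POST /livewire/update HTTP/1.1" 200 512 "https://app.example/dashboard" "Mozilla/5.0"
10.0.0.5 - - [20/Mar/2026:10:00:04 +0000] "POST /livewire/update HTTP/1.1" 200 498 "https://app.example/dashboard" "Mozilla/5.0"
203.0.113.9 - - [20/Mar/2026:10:01:00 +0000] "POST /livewire/update HTTP/1.1" 500 0 "-" "python-requests/2.31"
203.0.113.9 - - [20/Mar/2026:10:01:01 +0000] "POST /livewire/update HTTP/1.1" 500 0 "-" "python-requests/2.31"
203.0.113.9 - - [20/Mar/2026:10:01:02 +0000] "POST /index.php?p=actions/assets/generate-transform HTTP/1.1" 400 0 "-" "python-requests/2.31"
203.0.113.9 - - [20/Mar/2026:10:01:03 +0000] "POST /index.php?p=actions/assets/generate-transform HTTP/1.1" 200 77 "-" "python-requests/2.31"
198.51.100.7 - - [20/Mar/2026:10:02:00 +0000] "GET / HTTP/1.1" 200 3210 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Mar/2026:10:02:01 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, s in hunt(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {s.hits} hits, {s.errors} errors, "
              f"endpoints={sorted(s.endpoints)}, agents={sorted(s.user_agents)}")
```

Run it over logs from before and after patching: a source that keeps hitting these endpoints with error responses after the fix is applied is a candidate for blocking, and a source that got 200s before the patch deserves a closer look at what it reached.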

How to check if you’re affected

Affected versions/services

  • Craft CMS (CVE-2025-32432):
    • Affected: 3.0.0-RC1 to <3.9.15, 4.0.0-RC1 to <4.14.15, 5.0.0-RC1 to <5.6.17
    • Fixed: 3.9.15, 4.14.15, 5.6.17 and later
  • Laravel Livewire v3 (CVE-2025-54068):
    • Affected: v3 through 3.6.3
    • Fixed: 3.6.4 and later
  • Apple multiple products (CVE-2025-31277):
    • Fixed in: Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6
    • Devices/services still below those versions should be treated as exposed.

Quick verification steps

  1. Craft CMS: run php craft --version (or check admin footer) and compare against fixed versions above.
  2. Livewire: check composer.lock for livewire/livewire version; if <=3.6.3, update immediately.
  3. Apple endpoints: verify OS/browser versions in device settings or MDM inventory and confirm they are at or above fixed builds.
  4. Exposure check: identify publicly reachable app nodes (/admin, Livewire endpoints, CMS transforms) and patch those first.
  5. Post-patch validation: confirm build/version after deployment and review web logs for exploit-like requests before and after remediation.
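Steps 1 and 2 above can be automated against composer.lock. The following is an added example, not code from Protect.Computer, Craft CMS or Livewire: it reads the lock file, finds the `craftcms/cms` and `livewire/livewire` packages (their Packagist names), and compares each version against the fixed releases listed under "Affected versions/services". A pre-release of a fixed version (for example 5.6.17-RC1) is treated as still vulnerable, a branch alias such as dev-main cannot be compared and is reported as unknown, and major lines the advisory does not cover are also reported as unknown rather than silently passed. The composer.lock content is constructed for the demonstration.

```python
import json
import re

# First fixed release per major line, from the advisory:
#   Craft CMS 3.9.15 / 4.14.15 / 5.6.17 (CVE-2025-32432)
#   Livewire v3 3.6.4 (CVE-2025-54068)
FIXED_VERSIONS = {
    "craftcms/cms": {3: (3, 9, 15), 4: (4, 14, 15), 5: (5, 6, 17)},
    "livewire/livewire": {3: (3, 6, 4)},
}

# Optional leading "v" (Livewire tags as v3.6.3), then major.minor.patch,
# then an optional pre-release/build suffix.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+.]?(.*))?$")


def parse_version(version: str):
    """Return ((major, minor, patch), is_prerelease), or None if unparseable."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    core = tuple(int(x) for x in m.group(1, 2, 3))
    suffix = (m.group(4) or "").lower()
    is_pre = any(tag in suffix for tag in ("rc", "alpha", "beta", "dev"))
    return core, is_pre


def assess(package: str, version: str) -> str:
    """Classify one installed version as 'vulnerable', 'fixed' or 'unknown'."""
    lines = FIXED_VERSIONS.get(package)
    if lines is None:
        return "unknown"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"            # e.g. dev-main: not comparable, review by hand
    core, is_pre = parsed
    fixed = lines.get(core[0])
    if fixed is None:
        return "unknown"            # major line not covered by this advisory
    if core > fixed:
        return "fixed"
    if core == fixed:
        # 5.6.17-RC1 predates the 5.6.17 release that carries the fix.
        return "vulnerable" if is_pre else "fixed"
    return "vulnerable"


def scan_composer_lock(lock_text: str) -> dict:
    """Map each advisory package found in composer.lock to (version, verdict)."""
    lock = json.loads(lock_text)
    findings = {}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            name = pkg.get("name")
            if name in FIXED_VERSIONS:
                version = pkg.get("version", "")
                findings[name] = (version, assess(name, version))
    return findings


# Constructed composer.lock excerpt with both packages below their fixed releases.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "craftcms/cms", "version": "4.14.12"},
        {"name": "livewire/livewire", "version": "v3.6.3"},
        {"name": "monolog/monolog", "version": "3.5.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    for name, (version, verdict) in scan_composer_lock(text).items():
        print(f"{name} {version}: {verdict}")
```

Point it at a real lock file with `python check_lock.py composer.lock`. Remember that composer.lock records what was installed by Composer, so the check belongs on the deployed artifact, not only in the repository, and an "unknown" verdict is a prompt to verify by hand, not a pass.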

Bottom line

This KEV batch includes both endpoint and server-side risk, but the fastest win is clear: patch externally exposed Craft CMS and Livewire v3 deployments now, then close out Apple updates across managed devices.