Laravel Flaw Exposes 600 Apps to Remote Code Attacks
Leaked Laravel APP_KEY values expose roughly 600 applications to remote code execution, according to research by GitGuardian and Synacktiv. Since 2018 more than 260,000 APP_KEYs have been published in public GitHub repositories, and because APP_KEY is the secret that authenticates Laravel's encrypted payloads, anyone who obtains it can forge payloads the application will trust. The technique works across many Laravel versions.
The weakness lies in how Laravel's decrypt() is used: it verifies the payload's HMAC with APP_KEY, decrypts it, and then passes the result to PHP's unserialize() by default. An attacker who holds the key can produce a ciphertext that passes that HMAC check, so whatever serialized object they place inside is deserialized; tools such as phpggc generate gadget chains for the framework and its libraries that turn that deserialization into code execution. Around a third of the exposed keys were found alongside other secrets, such as cloud tokens and database passwords. In total about 600 applications were directly exposed to RCE, roughly 120 of which were still live and vulnerable when the researchers checked.
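To make the mechanism concrete, here is an added example (not code from the article, from the researchers, or from Laravel itself) that re-implements Laravel's payload format in Go: AES-256-CBC with a random IV, an HMAC-SHA256 over the base64 IV and ciphertext keyed with APP_KEY, and the {iv, value, mac, tag} JSON envelope. The key, the "gadget chain" marker and the rotated key are all constructed for the example. It shows that whoever holds APP_KEY can produce a payload that passes the server's MAC check, so the bytes they chose reach unserialize(), and that the same payload is rejected once the key is rotated.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Constructed example key (32 bytes of 'A'), not a real leaked value.
var exampleAppKey = "base64:" + base64.StdEncoding.EncodeToString(bytes.Repeat([]byte("A"), 32))

// envelope is the JSON that Laravel's Encrypter base64-encodes into the payload string.
type envelope struct {
	IV    string `json:"iv"`
	Value string `json:"value"`
	MAC   string `json:"mac"`
	Tag   string `json:"tag"` // empty for AES-256-CBC
}

// parseAppKey turns a .env APP_KEY ("base64:...") into the 32-byte AES-256 key.
func parseAppKey(appKey string) ([]byte, error) {
	key, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(appKey, "base64:"))
	if err != nil || !strings.HasPrefix(appKey, "base64:") || len(key) != 32 {
		return nil, errors.New("APP_KEY must be base64: followed by a 32-byte key")
	}
	return key, nil
}

// mac reproduces hash_hmac('sha256', $iv . $value, $key) over the base64 strings.
func mac(key []byte, ivB64, valueB64 string) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(ivB64 + valueB64))
	return hex.EncodeToString(h.Sum(nil))
}

// encrypt builds a payload the way Encrypter::encrypt does. Anyone holding the key can
// run this, which is exactly why a leaked APP_KEY lets an attacker forge payloads.
func encrypt(key, plaintext []byte) (string, error) {
	block, err := aes.NewCipher(key)
	iv := make([]byte, aes.BlockSize)
	if _, rerr := rand.Read(iv); err != nil || rerr != nil {
		return "", errors.New("bad key or no entropy")
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#7, as openssl_encrypt does
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	env := envelope{IV: base64.StdEncoding.EncodeToString(iv), Value: base64.StdEncoding.EncodeToString(ct)}
	env.MAC = mac(key, env.IV, env.Value)
	j, _ := json.Marshal(env)
	return base64.StdEncoding.EncodeToString(j), nil
}

// decrypt is the server side: payload checks, HMAC check, CBC decrypt. Laravel's decrypt()
// then hands the result to unserialize(); decryptString() returns it as a plain string.
func decrypt(key []byte, payload string) ([]byte, error) {
	var env envelope
	j, err := base64.StdEncoding.DecodeString(payload)
	if err == nil {
		err = json.Unmarshal(j, &env)
	}
	iv, err1 := base64.StdEncoding.DecodeString(env.IV)
	ct, err2 := base64.StdEncoding.DecodeString(env.Value)
	if err != nil || err1 != nil || err2 != nil || len(iv) != aes.BlockSize || len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("the payload is invalid")
	}
	// Constant-time comparison, as Laravel's hash_equals() does.
	if !hmac.Equal([]byte(mac(key, env.IV, env.Value)), []byte(env.MAC)) {
		return nil, errors.New("the MAC is invalid")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	if pad := int(pt[len(pt)-1]); pad >= 1 && pad <= aes.BlockSize {
		return pt[:len(pt)-pad], nil
	}
	return nil, errors.New("bad padding")
}

// phpSerializedString is serialize() of a PHP string. In a real attack these bytes would be
// a phpggc gadget chain that unserialize() executes; here it is a harmless marker.
func phpSerializedString(s string) string {
	return fmt.Sprintf(`s:%d:"%s";`, len(s), s)
}

func main() {
	key, _ := parseAppKey(exampleAppKey)
	forged, _ := encrypt(key, []byte(phpSerializedString("gadget-chain-placeholder")))
	pt, err := decrypt(key, forged)
	fmt.Printf("leaked key:  %q err=%v\n", pt, err)
	_, err = decrypt(bytes.Repeat([]byte("B"), 32), forged) // after APP_KEY rotation
	fmt.Printf("rotated key: err=%v\n", err)
}
```

The point of the run is the asymmetry: nothing in the envelope proves who built it. The HMAC only proves that the builder knew APP_KEY, so once the key is public the MAC check stops being a defence, and the only thing standing between the attacker and unserialize() is whether the application calls decrypt() (which unserializes) or decryptString() (which does not) on attacker-reachable input.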
The researchers also identified about 28,000 cases where APP_KEY and APP_URL were exposed together. The URL tells an attacker which deployment the key belongs to, and since Laravel encrypts session and other cookies with the same key, the pair is enough to forge cookies and hijack sessions. Older vulnerabilities such as CVE-2018-15133 (remote code execution in older Laravel 5.x releases via the X-XSRF-TOKEN header when APP_KEY is known) and newer ones such as CVE-2024-55555 in Invoice Ninja, a Laravel-based application, show that this attack vector is still being found in production software.
Security teams should rotate any exposed APP_KEY immediately, along with every credential that leaked beside it. Rotation invalidates existing sessions, encrypted cookies and anything stored under the old key, so plan for that; Laravel 11 and later can still decrypt data encrypted under earlier keys listed in APP_PREVIOUS_KEYS, which allows a graceful changeover. Beyond that, keep .env files out of version control, prefer decryptString() over decrypt() wherever the plaintext is a plain string so that untrusted data is never passed to unserialize(), and run automated secret detection on repositories and CI pipelines so new leaks are caught before they are published.
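As an added example of the kind of check a secret scanner performs (not code from the article or from any vendor's product), the following Go program scans a constructed .env file for an APP_KEY, verifies that it decodes to a key length Laravel accepts, notes whether APP_URL is published beside it, and lists other credential-looking variables. The sample file and every value in it are constructed for the example, and the variable-name heuristic for "other secrets" is an assumption of this example, not the researchers' method.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/base64"
	"fmt"
	"regexp"
	"strings"
)

// Constructed example key (32 bytes of 'A') and a constructed .env as it might be committed;
// none of the values are real.
var exampleAppKey = "base64:" + base64.StdEncoding.EncodeToString(bytes.Repeat([]byte("A"), 32))

var sampleEnv = "APP_NAME=Shop\nAPP_ENV=production\nAPP_KEY=" + exampleAppKey + "\n" +
	"APP_URL=https://shop.example\nDB_PASSWORD=example-not-real\n" +
	"AWS_SECRET_ACCESS_KEY=example-not-real\nMAIL_FROM_ADDRESS=noreply@shop.example\n"

// Finding summarises what a scanner would flag for one file.
type Finding struct {
	AppKey       string   // raw APP_KEY value, if present
	AppKeyValid  bool     // decodes to a 16- or 32-byte key, the sizes Laravel's ciphers accept
	AppURL       string   // a co-located APP_URL tells the attacker which deployment the key unlocks
	OtherSecrets []string // other variables whose names suggest credentials (heuristic)
}

var (
	appKeyRe = regexp.MustCompile(`^APP_KEY=\s*"?(base64:[A-Za-z0-9+/=]+)"?`)
	appURLRe = regexp.MustCompile(`^APP_URL=\s*"?([^"\s]+)"?`)
	secretRe = regexp.MustCompile(`^([A-Z0-9_]*(PASSWORD|SECRET|TOKEN|KEY)[A-Z0-9_]*)=\s*"?[^"\s]+`)
)

// ScanEnv reads .env-style text line by line and reports the Laravel-relevant findings.
func ScanEnv(content string) Finding {
	var f Finding
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if m := appKeyRe.FindStringSubmatch(line); m != nil {
			f.AppKey = m[1]
			raw, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(m[1], "base64:"))
			f.AppKeyValid = err == nil && (len(raw) == 16 || len(raw) == 32)
		} else if m := appURLRe.FindStringSubmatch(line); m != nil {
			f.AppURL = m[1]
		} else if m := secretRe.FindStringSubmatch(line); m != nil {
			f.OtherSecrets = append(f.OtherSecrets, m[1])
		}
	}
	return f
}

// DirectlyTargetable is the condition the research counted separately: a usable key
// together with the URL of the application it belongs to.
func (f Finding) DirectlyTargetable() bool {
	return f.AppKeyValid && f.AppURL != ""
}

func main() {
	f := ScanEnv(sampleEnv)
	fmt.Printf("%+v\ntargetable=%v\n", f, f.DirectlyTargetable())
}
```

Running this on the sample reports a valid key, the URL it belongs to, and two further credentials in the same file, which is the combination the article describes as most dangerous. In practice such a check belongs in a pre-commit hook or CI step so the file is blocked before it reaches a public repository, and a hit on APP_KEY should trigger rotation rather than only a warning, since the key may already have been pushed.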
Read the full article at https://cybersecuritynews.com/laravel-app_key-rce-vulnerability/
