AI description
CVE-2025-54123 is a command injection vulnerability in Hoverfly, an open-source API simulation tool. The flaw affects versions 1.11.3 and prior and lies in the `/api/v2/hoverfly/middleware` API endpoint. It arises from insufficient input validation and sanitization, which allows attackers to inject and execute arbitrary system commands. Malicious input sent in specially crafted HTTP requests to the middleware API is passed directly to system command execution. This enables remote code execution (RCE) on systems running vulnerable Hoverfly services, with the commands executing under the privileges of the Hoverfly process.
- Description
- Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection at the `/api/v2/hoverfly/middleware` endpoint due to insufficient validation and sanitization of user input. The vulnerability exists in the middleware management API endpoint `/api/v2/hoverfly/middleware`. The issue stems from a combination of three code-level flaws: insufficient input validation in middleware.go lines 94-96; unsafe command execution in local_middleware.go lines 14-19; and immediate execution during testing in hoverfly_service.go line 173. This allows an attacker to gain remote code execution (RCE) on any system running the vulnerable Hoverfly service. Since the input is passed directly to system commands without proper checks, an attacker can upload a malicious payload or directly execute arbitrary commands (including reverse shells) on the host server with the privileges of the Hoverfly process. Commit 17e60a9bc78826deb4b782dca1c1abd3dbe60d40 in version 1.12.0 disables the set-middleware API by default, and subsequent documentation changes make users aware of the security implications of exposing the set-middleware API.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- hoverfly
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
🔓 Rooted DevArea on @HackTheBox! Anon FTP → JAR decompile → CVE-2022-46364 (CXF LFI) → CVE-2025-54123 (HoverFly RCE) → Binary hijack → ROOT 👑 Full writeup 👇 📝 Medium: https://t.co/2fOI1sTWlm 💼 LinkedIn: https://t.co/wz54yNIwX9 #HackTheBox #ctf https://
@iamvivekz
7 May 2026
998 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2025-54123 Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection vulnerabilit… https://t.co/eKb6y1KqZ0
@CVEnew
10 Sept 2025
277 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-54123: CRITICAL] Vulnerability alert: Hoverfly API simulation tool versions 1.11.3 and earlier are prone to command injection at `/api/v2/hoverfly/middleware` endpoint. Update recommended to fix RC...#cve,CVE-2025-54123,#cybersecurity https://t.co/VyDsvX2OHw https://t.c
@CveFindCom
10 Sept 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hoverfly:hoverfly:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "52876127-6BCA-42D6-9133-2A7A0B326DE8",
            "versionEndExcluding": "1.12.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]