CVE-2025-54123
Hoverfly · Hoverfly
Hoverfly contains a command injection vulnerability in its middleware functionality at the /api/v2/hoverfly/middleware endpoint, allowing unauthorized remote code execution.
Executive summary
A critical command injection vulnerability in Hoverfly versions 1.11.3 and prior allows unauthenticated attackers to execute arbitrary system commands.
Vulnerability
This vulnerability stems from improper input validation in the middleware configuration API. An unauthenticated attacker can supply malicious payloads to the command execution interface exposed by that API, resulting in full compromise of the host.
Business impact
The CVSS score of 9.8 reflects the high risk of this vulnerability, which grants attackers full control over the underlying host operating system. Successful exploitation could result in total data exfiltration, service disruption, and lateral movement within the network, posing a severe threat to business continuity.
Remediation
Immediate Action: Upgrade to the latest available version of Hoverfly that addresses this command injection flaw.
Proactive Monitoring: Inspect server access logs for anomalous requests directed at the /api/v2/hoverfly/middleware endpoint, and monitor system processes for unexpected child processes spawned by the Hoverfly process.
Compensating Controls: Implement strict network segmentation and apply WAF rules to block malicious input patterns targeting the middleware API until the software can be patched.
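A minimal log review for the monitoring recommendation above, added here as an example and not part of the advisory or of Hoverfly itself. It assumes an Apache/nginx combined-format access log, that GET requests read the middleware configuration while any other method changes it, and a hypothetical administrative network of 10.0.0.0/8; the sample log lines are constructed.

```python
import re
from ipaddress import ip_address, ip_network

# Apache/nginx "combined" format: client, identity, user, [time], "request", status, bytes, ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
MIDDLEWARE_PATH = "/api/v2/hoverfly/middleware"  # endpoint named in the advisory
# Assumption: only hosts in these networks are expected to administer Hoverfly.
ADMIN_NETWORKS = [ip_network("10.0.0.0/8")]

def is_admin_source(client):
    try:
        return any(ip_address(client) in net for net in ADMIN_NETWORKS)
    except ValueError:  # not an IP literal (e.g. a hostname): treat as untrusted
        return False

def classify(entry):
    """Return a reason string if the request deserves review, else None."""
    if entry["path"].split("?", 1)[0] != MIDDLEWARE_PATH:
        return None
    admin = is_admin_source(entry["client"])
    # Assumption: GET reads the middleware config; any other method changes it.
    if entry["method"] != "GET":
        return "config change" + ("" if admin else " from non-admin source")
    return None if admin else "config read from non-admin source"

def scan(lines):
    """Parse combined-format lines and return (client, method, status, reason) findings."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guessing
        entry = m.groupdict()
        reason = classify(entry)
        if reason:
            findings.append((entry["client"], entry["method"], entry["status"], reason))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.1.5 - - [01/Jul/2025:10:00:01 +0000] "GET /api/v2/simulation HTTP/1.1" 200 512 "-" "curl/8.0"',
    '10.0.1.5 - - [01/Jul/2025:10:00:05 +0000] "PUT /api/v2/hoverfly/middleware HTTP/1.1" 200 80 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Jul/2025:10:01:12 +0000] "PUT /api/v2/hoverfly/middleware HTTP/1.1" 200 80 "-" "python-requests/2.31"',
    '203.0.113.9 - - [01/Jul/2025:10:01:13 +0000] "GET /api/v2/hoverfly/middleware?x=1 HTTP/1.1" 200 80 "-" "python-requests/2.31"',
]
```

Running `scan(SAMPLE_LOG)` flags the in-network PUT for change-ticket verification and both requests from the external address; a change from an unexpected source on a vulnerable version should be treated as a probable compromise and the host's process tree reviewed.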
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the critical severity of this command injection vulnerability, immediate patching is required to prevent unauthorized system access. Organizations should prioritize updating all instances of Hoverfly to the latest version to mitigate the risk of remote code execution.