{"id":75942,"date":"2025-09-17T04:37:22","date_gmt":"2025-09-17T04:37:22","guid":{"rendered":""},"modified":"2025-09-28T17:20:07","modified_gmt":"2025-09-28T23:20:07","slug":"cve-2025-54123-remote-code-execution-vulnerability-in-hoverfly-api-simulation-tool","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-54123-remote-code-execution-vulnerability-in-hoverfly-api-simulation-tool\/","title":{"rendered":"<strong>CVE-2025-54123: Remote Code Execution Vulnerability in Hoverfly API Simulation Tool<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>Hoverfly, an open-source API simulation tool widely used for API testing, is affected by a major vulnerability tracked as CVE-2025-54123. The vulnerability affects all versions of Hoverfly up to and including 1.11.3 and allows attackers to perform remote code execution on systems running the vulnerable service. The flaw is significant because it can <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-7775-critical-memory-overflow-vulnerability-in-netscaler-adc-and-gateway-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"83797\">potentially lead to a system<\/a> compromise or data leakage, and therefore represents a considerable risk to organizations that use Hoverfly in their workflows.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-54123<br \/>\nSeverity: Critical (CVSS: 9.8)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-0074-critical-remote-code-execution-vulnerability-in-sdp-discovery\/\"  data-wpil-monitor-id=\"83565\">Remote Code Execution<\/a>, potential system compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table>\n<thead>\n<tr><th>Product<\/th><th>Affected Versions<\/th><\/tr>\n<\/thead>\n<tbody>\n<tr><td>Hoverfly<\/td><td>1.11.3 and prior<\/td><\/tr>\n<\/tbody>\n<\/table>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The 
<a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-58259-denial-of-service-vulnerability-in-rancher-manager-due-to-unrestricted-payload-size\/\"  data-wpil-monitor-id=\"85814\">vulnerability in question is due<\/a> to a combination of three distinct code-level flaws in Hoverfly. First, middleware.go (lines 94-96) performs insufficient <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-52451-improper-input-validation-vulnerability-in-salesforce-tableau-server\/\"  data-wpil-monitor-id=\"85917\">input validation<\/a>. Second, local_middleware.go (lines 14-19) performs unsafe <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-57771-arbitrary-command-execution-vulnerability-in-roo-code-ai\/\"  data-wpil-monitor-id=\"84817\">command execution<\/a>. Third, hoverfly_service.go (line 173) executes the middleware immediately while testing it.<br \/>\nTogether, these flaws result in a command <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-50972-sql-injection-vulnerability-in-abantecart-1-4-2-with-a-high-severity-score\/\"  data-wpil-monitor-id=\"83543\">injection vulnerability<\/a> at the `\/api\/v2\/hoverfly\/middleware` endpoint. 
As a result, an attacker can upload a malicious payload or directly <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-52353-arbitrary-code-execution-vulnerability-in-badaso-cms-2-9-11\/\"  data-wpil-monitor-id=\"83956\">execute arbitrary<\/a> commands (including reverse shells) on the host server with the privileges of the Hoverfly process.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>Given the nature of the vulnerability, an attacker could exploit it by <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-54731-code-injection-vulnerability-in-emarket-design-youtube-showcase\/\"  data-wpil-monitor-id=\"85868\">injecting malicious code<\/a> into the JSON payload. A conceptual example might look like this:<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/api\/v2\/hoverfly\/middleware HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/json\n\n{ &quot;middleware&quot;: &quot;; rm -rf \/; # &quot; }<\/code><\/pre>\n<p>In this example, the attacker attempts to delete all files on the server by exploiting the command <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-52122-critical-server-side-template-injection-ssti-vulnerability-in-freeform-plugin-for-craftcms\/\"  data-wpil-monitor-id=\"84044\">injection vulnerability<\/a>. The command (`rm -rf \/`) is passed as part of the `middleware` JSON value and is then executed on the server because of insufficient <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-43115-improper-input-validation-vulnerability-in-apache-dolphinscheduler\/\"  data-wpil-monitor-id=\"86243\">validation and sanitization of user input<\/a>.<\/p>\n<p><strong>How to Mitigate<\/strong><\/p>\n<p>Users of the Hoverfly API simulation tool are urged to upgrade to version 1.12.0 or later, which includes a patch for this vulnerability. 
As an added layer of security, the use of a Web Application Firewall (WAF) or Intrusion Detection System (IDS) could help monitor and block attempted exploits.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The Hoverfly API simulation tool, an open-source software widely used for API testing and simulation, has been identified with a major vulnerability, identified as CVE-2025-54123. This vulnerability affects all versions of Hoverfly up to and including 1.11.3, and allows attackers to perform remote code execution on systems running the vulnerable service. This flaw is [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[78,80],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-75942","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-injection","attack_vector-rce"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/75942","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=75942"}],"version-history":[{"count":10,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/75942\/revisions"}],"predecessor-version":[{"id":79039,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/75942\/revisions\/79039"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=75942"}],"wp:term":[{"taxonomy":"category","embeddable":t
rue,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=75942"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=75942"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=75942"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=75942"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=75942"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=75942"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=75942"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=75942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}