Exploit for Improper Input Validation in Hoverfly

CVE-2025-54123 — Hoverfly Middleware API Remote Code Execution...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the /api/v2/hoverfly/middleware endpoint. An attacker can execute arbitrary system commands by supplying crafted input to the binary and script parameters, which are passed directly to command execution without...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the /api/v2/hoverfly/middleware endpoint. An attacker can execute arbitrary system commands by supplying crafted input to the binary and script parameters, which are passed directly to command execution without...

GHSA-R4H8-HFP2-GGMF Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation

Summary It has been discovered that the middleware functionality in Hoverfly is vulnerable to command injection through its /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization in user input. Details The vulnerability exists in the middleware management API endpoin...

CVE-2025-54123 Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection vulnerability at /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization in user input. The vulnerability exists i...