CVE-2025-54123

Name of the Vulnerable Software and Affected Versions: Hoverfly versions 1.11.3 and prior

Description: Hoverfly is vulnerable to a command injection issue at the /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization of user input. This vulnerability stems from a combination of flaws: insufficient input validation, unsafe command execution, and immediate execution during testing. An attacker can exploit this to gain remote code execution (RCE) on systems running the vulnerable Hoverfly service, potentially executing arbitrary commands with the privileges of the Hoverfly process.

Recommendations: Update to version 1.12.0 or later.