S4E

CVE-2025-54123 Scanner

CVE-2025-54123 Scanner - Remote Code Execution (RCE) vulnerability in Hoverfly

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 24 days 4 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

Hoverfly is an open source service virtualization tool used by developers and testers to simulate APIs. It allows users to create realistic testing environments, configure simulated endpoints, and helps in performance testing of software. Its key feature is that it provides the ability to mimic real-world traffic, making it ideal for testing applications in isolated or remote environments where the real services are unavailable. Hoverfly is primarily used in continuous integration/continuous delivery (CI/CD) pipelines to ensure software robustness before deployment. It appeals greatly to DevOps engineers seeking efficient testing solutions with a lightweight overhead. The service is available in a comprehensive package supporting multiple protocols, making it flexible for various online services.

The Remote Code Execution (RCE) vulnerability in Hoverfly enables unauthorized remote users to execute arbitrary commands on the affected system. The issue resides in the middleware API endpoint, which lacks sufficient validation checks on its input parameters. Specifically, the 'binary' and 'script' parameters are vulnerable, making the system susceptible to malicious code injection. This critical security flaw allows an attacker to take control of the system, potentially compromising sensitive information and service functionality. The risk is exacerbated by the fact that no authentication is initially required for exploitation. Addressing this vulnerability is crucial, as it can lead to severe breaches and service downtime.

In technical terms, the vulnerability surfaces due to improper input validation in the middleware API (located at /api/v2/hoverfly/middleware). Users are allowed to pass arbitrary commands through the unvalidated 'binary' and 'script' fields. By injecting a command such as "/bin/sh" with a secondary script like "cat /etc/passwd", an attacker can retrieve sensitive file data. To exploit this, a PUT request is crafted and sent to the susceptible endpoint; the scanner treats a response status code indicating partial execution (e.g., 422) as a sign that the command ran. Specific patterns in the response body further confirm the success of the exploit and show that execution was controlled by the injected input.
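As an added example (not part of this page or of the Hoverfly project), the following Python check scans request-log lines for updates to the middleware endpoint described above and rates each one, so a defender can spot a shell interpreter being installed as middleware or a reconfiguration from an unexpected host. The log line format, the trusted-source list, the interpreter deny-list and all sample lines are assumptions constructed for the example.

```python
import json
import re

MIDDLEWARE_PATH = "/api/v2/hoverfly/middleware"
SHELL_INTERPRETERS = {"sh", "bash", "dash", "zsh", "env"}   # assumed deny-list
TRUSTED_SOURCES = {"10.0.0.5"}                              # assumed CI runner address
# Constructed sample lines; assumed format "<ts> <src> <method> <path> <status> <json-body>"
SAMPLE_LOG = """\
2025-08-01T10:00:01Z 10.0.0.5 GET /api/v2/hoverfly/middleware 200 {}
2025-08-01T10:00:07Z 203.0.113.9 PUT /api/v2/hoverfly/middleware 422 {"binary": "/bin/sh", "script": "cat /etc/passwd"}
2025-08-01T10:00:09Z 10.0.0.5 PUT /api/v2/hoverfly/middleware 200 {"binary": "python3", "script": "import sys"}
2025-08-01T10:00:11Z 198.51.100.4 PUT /api/v2/hoverfly/middleware 200 {"binary": "python3", "script": "import sys"}
2025-08-01T10:00:12Z 10.0.0.7 PUT /api/v2/simulation 200 {"data": {}}
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (.*)$")


def parse_line(line):
    """Split one log line into fields; a body that is not a JSON object becomes {}."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, method, path, status, body = m.groups()
    try:
        payload = json.loads(body)
    except json.JSONDecodeError:
        payload = {}
    return {"ts": ts, "src": src, "method": method, "path": path,
            "status": int(status), "body": payload if isinstance(payload, dict) else {}}


def classify(event):
    """Severity of a middleware update, or None when the event is not one."""
    if event is None or event["method"] != "PUT" or event["path"] != MIDDLEWARE_PATH:
        return None
    binary = str(event["body"].get("binary", ""))
    if binary.rsplit("/", 1)[-1] in SHELL_INTERPRETERS:   # treats "/bin/sh" and "sh" alike
        return "high"      # a shell handed a script: the CVE-2025-54123 pattern
    if event["src"] not in TRUSTED_SOURCES:
        return "medium"    # middleware reconfigured from an unexpected host
    return "info"          # expected CI reconfiguration, kept for audit


def scan_log(text):
    """Return (ts, src, severity) for every middleware update found in the log text."""
    alerts = []
    for line in text.splitlines():
        event = parse_line(line)
        severity = classify(event)
        if severity:
            alerts.append((event["ts"], event["src"], severity))
    return alerts
```

Any "high" hit is worth correlating with the 422 status the scanner description mentions, and a "medium" hit is a prompt to confirm that the middleware API is not reachable without authentication from that network.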

Exploitation of this vulnerability could allow attackers to take control of affected systems, leading to unauthorized access to sensitive data and potential data loss. Compromised systems could be used to further attack other network resources, resulting in additional breaches. Affected organizations may face business disruption, data theft, infrastructure sabotage, and potential legal liabilities. Addressing and mitigating this vulnerability is critical to maintaining system integrity and protecting organizational data from unauthorized access and manipulation.
