CVE-2025-54123: CWE-20: Improper Input Validation in SpectoLabs hoverfly

Critical
Tags: Vulnerability, CVE-2025-54123, CWE-20, CWE-78
Published: Wed Sep 10 2025 (09/10/2025, 18:41:46 UTC)
Source: CVE Database V5
Vendor/Project: SpectoLabs
Product: hoverfly

Description

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection at the `/api/v2/hoverfly/middleware` endpoint due to insufficient validation and sanitization of user input. The vulnerability exists in the middleware management API endpoint `/api/v2/hoverfly/middleware`. This issue arises from a combination of three code-level flaws: insufficient input validation in middleware.go, lines 94-96; unsafe command execution in local_middleware.go, lines 14-19; and immediate execution during testing in hoverfly_service.go, line 173. This allows an attacker to gain remote code execution (RCE) on any system running the vulnerable Hoverfly service. Since the input is passed directly to system commands without proper checks, an attacker can upload a malicious payload or directly execute arbitrary commands (including reverse shells) on the host server with the privileges of the Hoverfly process. Commit 17e60a9bc78826deb4b782dca1c1abd3dbe60d40 in version 1.12.0 disables the set middleware API by default, and subsequent documentation changes make users aware of the security implications of exposing the set middleware API.

AI-Powered Analysis

Last updated: 09/10/2025, 18:47:08 UTC

Technical Analysis

CVE-2025-54123 is a critical remote code execution (RCE) vulnerability affecting SpectoLabs' open source API simulation tool, Hoverfly, specifically versions 1.11.3 and earlier. The vulnerability resides in the middleware management API endpoint `/api/v2/hoverfly/middleware`. It stems from improper input validation (CWE-20) combined with unsafe command execution (CWE-78) and immediate execution during testing. The root cause involves three code-level flaws: insufficient input validation in middleware.go (lines 94-96), unsafe command execution in local_middleware.go (lines 14-19), and immediate execution in hoverfly_service.go (line 173). These flaws allow an attacker to inject arbitrary system commands via the middleware API without authentication or user interaction. Since the input is passed directly to system commands without sanitization, an attacker can execute arbitrary payloads, including reverse shells, with the privileges of the Hoverfly process. This can lead to full system compromise on any host running the vulnerable Hoverfly service. The vendor has mitigated this by disabling the set middleware API by default in a later commit and updating documentation to warn users about the risks of exposing this API. The vulnerability has a CVSS 3.1 base score of 9.8, reflecting its critical severity with network attack vector, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. No known exploits are reported in the wild yet, but the ease of exploitation and severity make it a high-risk threat for affected deployments.

Potential Impact

For European organizations using Hoverfly versions 1.11.3 or earlier, this vulnerability poses a severe risk. An attacker can remotely execute arbitrary commands on the host system, potentially leading to full system compromise, data theft, service disruption, or lateral movement within the network. Given Hoverfly's role in API simulation and testing, compromised systems could be used to manipulate testing environments or serve as footholds for further attacks. This is particularly critical for organizations relying on Hoverfly in development, testing, or staging environments that may have access to sensitive data or internal networks. The lack of authentication and user interaction requirements means attackers can exploit this vulnerability remotely and silently, increasing the risk of undetected breaches. The impact extends to confidentiality, integrity, and availability of affected systems, potentially disrupting business operations and causing regulatory compliance issues under GDPR if personal data is exposed or systems are compromised.

Mitigation Recommendations

1. Immediately upgrade Hoverfly to a version later than 1.11.3 where the set middleware API is disabled by default or patched to prevent command injection.
2. If upgrading is not immediately possible, disable or restrict access to the `/api/v2/hoverfly/middleware` endpoint, ideally limiting it to trusted internal networks or via VPN.
3. Implement strict network segmentation and firewall rules to prevent unauthorized external access to Hoverfly services.
4. Monitor logs and network traffic for unusual activity related to the middleware API endpoint, such as unexpected command executions or reverse shell attempts.
5. Conduct a thorough audit of systems running Hoverfly to detect any signs of compromise or unauthorized command execution.
6. Educate development and security teams about the risks of exposing middleware APIs and enforce secure coding and deployment practices.
7. Consider deploying runtime application self-protection (RASP) or endpoint detection and response (EDR) tools to detect and block suspicious command execution attempts at the host level.
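Recommendations 2 and 4 above call for restricting and monitoring the middleware endpoint. The Go scanner below is an added example, not Hoverfly's own code: it runs over constructed access-log lines in a hypothetical reverse-proxy format assumed to sit in front of the Hoverfly admin port, and it assumes that the set-middleware operation is an HTTP PUT. It flags every request to `/api/v2/hoverfly/middleware` from outside a trusted CIDR, and every PUT to it from inside, so that any change to the executed middleware leaves an auditable alert.

```go
package main

import (
	"net"
	"strings"
)

// Constructed access-log lines (combined-log style, as a reverse proxy in front
// of the Hoverfly admin port might write them; not Hoverfly's own log format).
var SampleLog = []string{
	`10.0.0.5 - - [10/Sep/2025:18:41:46 +0000] "GET /api/v2/hoverfly HTTP/1.1" 200 512`,
	`203.0.113.7 - - [10/Sep/2025:18:42:01 +0000] "PUT /api/v2/hoverfly/middleware HTTP/1.1" 200 88`,
	`10.0.0.9 - - [10/Sep/2025:18:42:30 +0000] "PUT /api/v2/hoverfly/middleware HTTP/1.1" 200 88`,
	`198.51.100.2 - - [10/Sep/2025:18:43:10 +0000] "GET /api/v2/hoverfly/middleware HTTP/1.1" 200 70`,
}

// Alert records one suspicious access to the set-middleware endpoint.
type Alert struct{ Source, Method, Reason string }
// TrustedNets parses the CIDRs allowed to reach the Hoverfly admin API.
func TrustedNets(cidrs ...string) []*net.IPNet {
	var nets []*net.IPNet
	for _, c := range cidrs {
		if _, n, err := net.ParseCIDR(c); err == nil {
			nets = append(nets, n)
		}
	}
	return nets
}

// ScanMiddlewareAccess flags requests to /api/v2/hoverfly/middleware from outside
// the trusted networks, and PUTs from inside them (a PUT replaces the middleware).
func ScanMiddlewareAccess(lines []string, trusted []*net.IPNet) []Alert {
	var alerts []Alert
	for _, line := range lines {
		f := strings.Fields(line)
		if len(f) < 7 || !strings.HasPrefix(f[6], "/api/v2/hoverfly/middleware") {
			continue
		}
		src, method, inside := net.ParseIP(f[0]), strings.Trim(f[5], `"`), false
		for _, n := range trusted {
			inside = inside || (src != nil && n.Contains(src))
		}
		if !inside {
			alerts = append(alerts, Alert{f[0], method, "middleware endpoint reached from untrusted source"})
		} else if method == "PUT" {
			alerts = append(alerts, Alert{f[0], method, "middleware replaced from trusted source; verify change"})
		}
	}
	return alerts
}
```

Feed the scanner the proxy's real access log and a trusted CIDR list; a PUT from an untrusted source is the event that should page someone, and a PUT from a trusted source should be matched against an approved change.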

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-07-16T23:53:40.509Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68c1c79bd98a03aa75d81631

Added to database: 9/10/2025, 6:46:51 PM

Last enriched: 9/10/2025, 6:47:08 PM

Last updated: 9/10/2025, 9:27:32 PM
