
CVE-2025-54376: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in SpectoLabs hoverfly

Severity: High
Category: Vulnerability
Tags: CVE-2025-54376, CWE-200, CWE-287
Published: Wed Sep 10 2025 (09/10/2025, 19:49:08 UTC)
Source: CVE Database V5
Vendor/Project: SpectoLabs
Product: hoverfly

Description

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time application logs (information disclosure) and/or gain insight into internal file paths, request/response bodies, and other potentially sensitive data emitted in logs. Version 1.12.0 contains a fix for the issue.

AI-Powered Analysis

Last updated: 09/10/2025, 20:15:38 UTC

Technical Analysis

CVE-2025-54376 is a high-severity vulnerability affecting SpectoLabs' open source API simulation tool, Hoverfly, specifically versions prior to 1.12.0. The vulnerability arises because the admin WebSocket endpoint /api/v2/ws/logs lacks the authentication middleware that protects the REST admin API endpoints. This design flaw allows unauthenticated remote attackers to connect to the WebSocket endpoint and stream real-time application logs. These logs may contain sensitive information such as internal file paths, request and response bodies, and other data that could aid attackers in reconnaissance or further exploitation. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information) and CWE-287 (Improper Authentication). The CVSS 4.0 base score is 7.8, reflecting a high severity due to the network attack vector, no required privileges or user interaction, and a high impact on confidentiality. Although no known exploits are currently in the wild, the ease of exploitation and the sensitive nature of the leaked data make this a significant risk. The issue was addressed in Hoverfly version 1.12.0 by adding proper authentication controls to the WebSocket admin endpoint, aligning it with the protections on the REST API.
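The bug class described above, as an added illustration that is not Hoverfly's own code: a Go router in which the REST admin route is wrapped in an authentication middleware while the log-stream route is registered bare, next to the hardened wiring that wraps both. The bearer token, the handler bodies and the route set are assumptions made for the example; only the two paths come from the advisory.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Hypothetical bearer-token check standing in for the REST admin API's
// authentication middleware; not Hoverfly's own code.
func requireAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer admin-token" { // constructed secret
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// buildMux wires the admin routes. wrapWS=false reproduces the bug class
// (middleware on REST only); wrapWS=true is the hardened wiring.
func buildMux(wrapWS bool) *http.ServeMux {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })
	mux := http.NewServeMux()
	mux.Handle("/api/v2/hoverfly", requireAuth(ok)) // REST admin route, always wrapped
	var ws http.Handler = ok                         // stands in for the WebSocket upgrade handler
	if wrapWS {
		ws = requireAuth(ws)
	}
	mux.Handle("/api/v2/ws/logs", ws)
	return mux
}

// statusFor returns the status a client sending Authorization=auth ("" for anonymous) gets for path.
func statusFor(mux http.Handler, path, auth string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	req.Header.Set("Upgrade", "websocket") // mimic a WebSocket client's upgrade request
	if auth != "" {
		req.Header.Set("Authorization", auth)
	}
	rec := httptest.NewRecorder()
	mux.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	mux := buildMux(false) // pre-fix wiring: REST route denies anonymous, log stream does not
	fmt.Println(statusFor(mux, "/api/v2/hoverfly", ""), statusFor(mux, "/api/v2/ws/logs", ""))
}
```

The same check run against a real deployment (an anonymous request to both routes, expecting 401 on each) is a quick way to confirm that an upgrade to 1.12.0 actually took effect.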

Potential Impact

For European organizations using Hoverfly for API simulation and testing, this vulnerability could lead to unauthorized disclosure of sensitive internal information. Exposure of application logs can reveal internal architecture details, API request and response data, and potentially sensitive business or user data. This information leakage can facilitate further attacks such as targeted phishing, exploitation of other vulnerabilities, or lateral movement within networks. Since Hoverfly is often used in development, testing, and staging environments, the impact might extend beyond production systems if these environments are connected to internal networks. Confidentiality is primarily impacted, but integrity and availability are less directly affected. The risk is heightened for organizations in regulated sectors (e.g., finance, healthcare, telecommunications) where data privacy is critical and compliance with GDPR and other regulations is mandatory. Unauthorized access to logs could also expose personal data, leading to regulatory penalties and reputational damage.

Mitigation Recommendations

European organizations should immediately upgrade Hoverfly to version 1.12.0 or later to ensure the WebSocket admin endpoint is properly secured with authentication middleware. Until the upgrade is applied, organizations should restrict network access to the Hoverfly admin interface using network segmentation, firewall rules, or VPNs to limit exposure to trusted users only. Monitoring and logging access to the admin endpoints should be enhanced to detect any unauthorized connection attempts. Additionally, organizations should review the contents of logs exposed via the WebSocket endpoint and sanitize or minimize sensitive information logged during API simulation. Implementing role-based access controls (RBAC) and enforcing strong authentication mechanisms for all admin interfaces is recommended. Finally, security teams should conduct audits of development and testing environments to ensure that similar misconfigurations do not exist elsewhere.
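The monitoring step above, as an added example that is not part of the advisory: a Go routine that scans a constructed JSON-lines access log from a reverse proxy placed in front of the Hoverfly admin port and flags WebSocket upgrades to /api/v2/ws/logs that come from outside a trusted admin network or carry no credentials. The log format, field names, addresses and trusted CIDR are all assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

// Constructed proxy access log in JSON lines; the field names are an assumption, not a real proxy's format.
const sampleLog = `{"src":"10.20.0.5","path":"/api/v2/ws/logs","upgrade":"websocket","auth":true}
{"src":"198.51.100.7","path":"/api/v2/ws/logs","upgrade":"websocket","auth":false}
{"src":"10.20.0.11","path":"/api/v2/ws/logs","upgrade":"websocket","auth":false}
{"src":"203.0.113.4","path":"/api/v2/ws/logs","upgrade":"websocket","auth":false}`

type entry struct {
	Src     string `json:"src"`
	Path    string `json:"path"`
	Upgrade string `json:"upgrade"`
	Auth    bool   `json:"auth"` // proxy saw an Authorization header on the request
}

// FindSuspiciousWS returns one "src: reason" alert per log-stream upgrade from an untrusted network or without credentials.
func FindSuspiciousWS(log string, trusted *net.IPNet) []string {
	var alerts []string
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		var e entry
		if json.Unmarshal([]byte(line), &e) != nil {
			continue // malformed line: skip it rather than lose the rest
		}
		if e.Path != "/api/v2/ws/logs" || !strings.EqualFold(e.Upgrade, "websocket") {
			continue
		}
		ip := net.ParseIP(e.Src)
		switch {
		case ip == nil || !trusted.Contains(ip):
			alerts = append(alerts, e.Src+": log stream from untrusted network")
		case !e.Auth:
			alerts = append(alerts, e.Src+": log stream without credentials")
		}
	}
	return alerts
}

func main() {
	_, trusted, _ := net.ParseCIDR("10.20.0.0/16") // constructed admin network
	for _, a := range FindSuspiciousWS(sampleLog, trusted) {
		fmt.Println(a)
	}
}
```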


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-07-21T16:12:20.733Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68c1d8ec12193b50d3fff70c

Added to database: 9/10/2025, 8:00:44 PM

Last enriched: 9/10/2025, 8:15:38 PM

Last updated: 10/30/2025, 8:58:38 AM

