CVE-2025-54376: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in SpectoLabs hoverfly
Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time application logs (information disclosure) and/or gain insight into internal file paths, request/response bodies, and other potentially sensitive data emitted in logs. Version 1.12.0 contains a fix for the issue.
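A regression check for the gap described above, as an added example that is not Hoverfly's code or its 1.12.0 patch: it probes every admin route without credentials and lists any that do not answer 401. The REST path, token and middleware are constructed stand-ins; only /api/v2/ws/logs comes from the advisory.

```go
package main
import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// adminPaths: a constructed REST admin path, then the WebSocket log path from the advisory.
var adminPaths = []string{"/api/v2/rest-example", "/api/v2/ws/logs"}

// requireAuth is a hypothetical bearer-token middleware standing in for the admin auth layer.
func requireAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer constructed-test-token" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newAdminMux wires both routes; protectWS=false leaves the WebSocket route outside the middleware.
func newAdminMux(protectWS bool) *http.ServeMux {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") })
	mux := http.NewServeMux()
	mux.Handle(adminPaths[0], requireAuth(ok))
	var ws http.Handler = ok // the unprotected wiring
	if protectWS {
		ws = requireAuth(ok) // the corrected wiring
	}
	mux.Handle(adminPaths[1], ws)
	return mux
}

// unprotected returns each path that answers a credential-less GET with anything other than 401.
func unprotected(h http.Handler, paths []string) []string {
	var open []string
	for _, p := range paths {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, p, nil))
		if rec.Code != http.StatusUnauthorized {
			open = append(open, p)
		}
	}
	return open
}
func main() {
	fmt.Println(unprotected(newAdminMux(false), adminPaths), unprotected(newAdminMux(true), adminPaths))
}
```

A WebSocket handshake starts as an ordinary HTTP GET, so a check of this shape in a test suite catches a socket route registered outside the auth middleware before any upgrade happens.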
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-07-21T16:12:20.733Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68c1d8ec12193b50d3fff70c
Added to database: 9/10/2025, 8:00:44 PM
Last updated: 9/10/2025, 8:00:44 PM