## https://sploitus.com/exploit?id=E68A2130-DA61-5049-B54C-BC1A6944CCBF
# CVE-2025-54123 - Hoverfly Command Injection (RCE)
> PoC CVE-2025-54123 - Middleware Command Injection in Hoverfly
---
## ๐ CVE Details
* **ID**: CVE-2025-54123
* **Type**: Command Injection / Remote Code Execution (RCE)
* **Vendor**: Hoverfly
* **Impact**: Allows authenticated attackers to execute arbitrary system commands via the middleware API endpoint.
* **Affected Versions**: Hoverfly โค 1.11.3
* **More Info**:
* [GHSA-r4h8-hfp2-ggmf](https://github.com/advisories/GHSA-r4h8-hfp2-ggmf)
* [NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54123]
---
## โ๏ธ Description
This exploit targets a critical vulnerability in **Hoverfly**, specifically in the `/api/v2/hoverfly/middleware` endpoint.
The issue arises due to **insufficient validation of user-supplied input**, where the `script` parameter is passed to a system binary (e.g., `/bin/bash`) without proper sanitization.
An authenticated attacker can send a crafted request containing arbitrary commands, which are then executed on the underlying system.
This results in **Remote Command Execution (RCE)** and may lead to full system compromise.
---
## ๐ Usage
### ๐ง Requirements
* `curl`
---
### ๐ฅ Installation
```bash
git clone https://github.com/your-repo/CVE-2025-54123
```
```bash
cd CVE-2025-54123
```
```bash
chmod +x CVE-2025-54123.sh
```
---
### ๐งช Help Panel
```bash
./CVE-2025-54123.sh -h
[?] Parameters description:
-t Target base URL (e.g., http://target:8888)
-u Valid username
-p Valid password
-c Command to execute (must be enclosed in quotes)
-h Show this help panel
[i] Example:
./CVE-2025-54123.sh -t http://target.com:8888 -u admin -p password -c "id"
```
---
## ๐ง Technical Summary
* The middleware API allows execution of external scripts.
* User-controlled input is passed via the `script` parameter.
* No proper sanitization is applied before execution.
* The backend executes the input using a specified binary (e.g., `/bin/bash`).
* This allows arbitrary command execution.
---
## โ ๏ธ Notes
* Authentication is required to obtain a valid token.
* Multiple failed authentication attempts may trigger temporary blocking depending on internal configuration.
* Behavior may vary depending on deployment (e.g., Docker vs native).
---
## โ ๏ธ Disclaimer
This exploit is intended for **educational and authorized security testing purposes only**.
Do **NOT** use this against systems without explicit permission. Unauthorized access may be illegal.
The author assumes **no responsibility** for misuse or any damage caused.