CVE-2025-54376
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-10

Last updated on: 2026-04-29

Assigner: GitHub, Inc.

Description
Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time application logs (information disclosure) and/or gain insight into internal file paths, request/response bodies, and other potentially sensitive data emitted in logs. Version 1.12.0 contains a fix for the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-10
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-09-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-54376
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hoverfly hoverfly to 1.12.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-532 The product writes sensitive information to a log file.
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-54376 is a security vulnerability in Hoverfly versions 1.11.3 and earlier where the WebSocket endpoint /api/v2/ws/logs is not protected by authentication middleware, unlike the REST admin API. This allows an unauthenticated remote attacker to connect to this endpoint and stream real-time application logs, which may contain sensitive information such as internal file paths, request and response bodies, authentication tokens, and other confidential data. Essentially, it is an authentication bypass and information disclosure vulnerability. [1]

Impact Analysis

This vulnerability can impact you by allowing an unauthenticated attacker to access real-time application logs without authorization. These logs may expose sensitive information including internal file paths, proxied request and response bodies, authentication tokens, and other confidential data. This exposure can lead to information disclosure, potentially aiding attackers in further compromising your system or data. [1]

Detection Guidance

You can detect this vulnerability by attempting to connect to the WebSocket endpoint /api/v2/ws/logs without authentication, even when Hoverfly is started with the --auth flag enabled. For example, using a WebSocket client like wscat, run the command: wscat -c ws://<hoverfly-host>:<port>/api/v2/ws/logs. If you receive a stream of real-time application logs without providing credentials, your system is vulnerable. [1]

Mitigation Strategies

The immediate mitigation is to upgrade Hoverfly to version 1.12.0 or later, where the WebSocket endpoint /api/v2/ws/logs is secured by token-based authentication. If upgrading is not immediately possible, restrict network access to the Hoverfly admin interface to trusted users only, and monitor for unauthorized WebSocket connections to the logs endpoint. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54376. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart