{"id":"GO-2025-3944","summary":"Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation in github.com/SpectoLabs/hoverfly","details":"Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation in github.com/SpectoLabs/hoverfly","aliases":["CVE-2025-54123","GHSA-r4h8-hfp2-ggmf"],"modified":"2026-03-17T05:05:28.565358Z","published":"2025-09-17T17:03:49Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2025-3944","review_status":"UNREVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/SpectoLabs/hoverfly/security/advisories/GHSA-r4h8-hfp2-ggmf"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54123"},{"type":"FIX","url":"https://github.com/SpectoLabs/hoverfly/commit/17e60a9bc78826deb4b782dca1c1abd3dbe60d40"},{"type":"FIX","url":"https://github.com/SpectoLabs/hoverfly/commit/a9d4da7bd7269651f54542ab790d0c613d568d3e"},{"type":"FIX","url":"https://github.com/SpectoLabs/hoverfly/pull/1203"},{"type":"WEB","url":"https://github.com/SpectoLabs/hoverfly/blob/master/core/hoverfly_service.go#L173"},{"type":"WEB","url":"https://github.com/SpectoLabs/hoverfly/blob/master/core/middleware/local_middleware.go#L13"},{"type":"WEB","url":"https://github.com/SpectoLabs/hoverfly/blob/master/core/middleware/middleware.go#L93"}],"affected":[{"package":{"name":"github.com/SpectoLabs/hoverfly","ecosystem":"Go","purl":"pkg:golang/github.com/SpectoLabs/hoverfly"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3944.json"}}],"schema_version":"1.7.5"}