All 3 CVE vulnerabilities found in hoverfly, with AI-generated Chinese analysis, references, and POCs.
Vendor: SpectoLabs

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54376 | Hoverfly's WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when `--auth` is enabled. CWE-200 | 7.5 (AI) | High (AI) | 2025-09-10 |
| CVE-2025-54123 | Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation CWE-20 | 9.8 | Critical | 2025-09-10 |
| CVE-2024-45388 | Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`) CWE-200 | 7.5 | High | 2024-09-02 |