CVE-2025-54376
Published: 10 September 2025
Summary
CVE-2025-54376 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Hoverfly Hoverfly. Its CVSS base score is 7.8 (High).
Operationally, ranked at the 36.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-27610
Vulnerability details
Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time…
more
application logs (information disclosure) and/or gain insight into internal file paths, request/response bodies, and other potentially sensitive data emitted in logs. Version 1.12.0 contains a fix for the issue.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Literacy training teaches users to recognize and avoid actions that result in unauthorized exposure of sensitive information.
Monitoring directly detects unauthorized disclosure of sensitive information, enabling response to exposures.
Session auditing enables detection of unauthorized exposure or access to sensitive information during user activities.
Coordinating audit logging across organizational boundaries reduces the risk of sensitive audit data being exposed to unauthorized actors during transmission.
Audit record review and analysis can detect unauthorized exposure or access to sensitive information.
Penetration testing probes authentication mechanisms for bypasses, allowing identification and fixing of improper authentication issues.
A data action map identifies locations where sensitive information may be exposed to unauthorized actors during processing or transfer.
The integrated analysis team enables faster detection and containment of incidents involving unauthorized exposure of sensitive information, limiting attacker success in exploiting such weaknesses.