CVE-2025-57784

Published: Jan 26, 2026Modified: Feb 18, 2026

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client.

Affected (1)

Products: Hiawatha Webserver: Hiawatha

Hiawatha Webserver

1 product

Hiawatha

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hiawatha Webserver Hiawatha	Version 11.7

References (1)

https://gitlab.com/hsleisink/hiawatha/-/blame/master/src/tomahawk.c?ref_type=heads#L429

Source: cret@cert.org

Product

Timeline

No history available yet.