CVE-2025-57784

Summary

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client.

Affected Software

VendorProductVersion RangeStatus
HiawathaHiawatha Web server11.7 <= 8.5affected

Weaknesses

  • CWE-208 Observable Timing Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References