CVE-2025-57785

Summary

A Double Free in XSLT show_index has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
HiawathaHiawatha Web server11.47 <= 10.8.2affected

Weaknesses

  • CWE-415 Double Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References