CVE-2025-57784

Name of the Vulnerable Software and Affected Versions Hiawatha webserver version 11.7

Description A timing issue exists in the authentication process of the Tomahawk module within Hiawatha webserver. This is due to the use of the strcmp function. A local attacker can potentially exploit this to gain access to the management client. The vulnerable component is the strcmp function used during authentication.

Recommendations Update Hiawatha webserver to a version that addresses this timing issue in the Tomahawk module. At the moment, there is no information about a newer version that contains a fix for this vulnerability.