Description

A timing attack against Tomahawk authentication, caused by the use of `strcmp`, has been identified in Hiawatha webserver version 11.7. It allows a local attacker to access the management client.

PUBLISHED Reserved 2025-08-19 | Published 2026-01-26 | Updated 2026-01-26 | Assigner certcc

Problem types

CWE-208 Observable Timing Discrepancy

Product status

11.7 (custom): affected

References

gitlab.com/...a/-/blame/master/src/tomahawk.c?ref_type=heads

cve.org (CVE-2025-57784)

nvd.nist.gov (CVE-2025-57784)