CVE-2025-57784
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-26

Last updated on: 2026-02-18

Assigner: CERT/CC

Description
Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-26
Last Modified
2026-02-18
Generated
2026-06-16
AI Q&A
2026-01-26
EPSS Evaluated
2026-06-14
NVD
CVE-2025-57784
EUVD
EUVD-2025-206342
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hiawatha-webserver hiawatha 11.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an authentication timing attack in the Tomahawk administrative shell of the Hiawatha webserver version 11.7. It arises because the authentication mechanism uses the `strcmp` function, which can leak timing information. A local attacker can exploit this timing difference to gain unauthorized access to the management client of the webserver. [1]

Impact Analysis

This vulnerability allows a local attacker to bypass authentication and access the management client of the Hiawatha webserver. This unauthorized access could enable the attacker to execute administrative commands, manage clients, ban or unban IPs, view server status, and potentially disrupt or control the webserver operations. [1]

Detection Guidance

This vulnerability involves a timing attack on the Tomahawk authentication in Hiawatha webserver version 11.7. Detection can be approached by monitoring for unusual or unauthorized access attempts to the Tomahawk administrative shell. Using the Tomahawk shell commands, you can check current bans, clients, and request logs to identify suspicious activity. Suggested commands include: 'show clients' to view connected clients, 'show requests' to monitor HTTP requests if enabled, and 'show bans' to review banned IPs. Additionally, monitoring logs for exploit attempts or abnormal authentication patterns may help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include restricting local access to the Tomahawk administrative shell to trusted users only, as the vulnerability allows local attackers to gain management access. Use the Tomahawk commands to ban suspicious IP addresses ('ban <ip> [<time>]'), kick unauthorized clients ('kick <id|ip|all>'), and clear counters or cache if needed. Ensure strong passwords are set for administrator authentication. Additionally, disconnect all administrators and reset sessions if suspicious activity is detected using 'disconnect_admins()' functionality. Monitoring and limiting idle timeouts can also reduce risk by auto-logging out inactive sessions. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57784. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart