CVE-2025-57785
BaseFortify
Publication date: 2026-01-26
Last updated on: 2026-02-13
Assigner: CERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hiawatha.leisink | hiawatha_webserver | 11.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-57785 is a Double Free vulnerability in the XSLT 'show_index' functionality of the Hiawatha webserver version 11.7. This flaw allows an unauthenticated attacker to corrupt memory by freeing the same memory twice during the processing of XSLT transformations, which can lead to arbitrary code execution on the server. The vulnerability arises from improper memory management in the XSLT processing code, specifically related to handling parameters and applying XSLT stylesheets to XML data. [1]
How can this vulnerability impact me? :
This vulnerability can allow an unauthenticated attacker to execute arbitrary code on the affected Hiawatha webserver, potentially leading to full system compromise. By exploiting the double free flaw, an attacker could corrupt memory, crash the server, or run malicious code with the privileges of the webserver process, resulting in data breaches, service disruption, or unauthorized access. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for abnormal behavior related to the XSLT processing in the Hiawatha web server, especially around requests that trigger the 'show_index' functionality with XML and XSLT files. Since the vulnerability is a double free in the XSLT processing code, direct detection commands are not provided in the resources. However, you can check the version of Hiawatha web server to see if it is version 11.7, which is vulnerable. For example, use commands like `hiawatha -v` or check the package version. Additionally, monitoring logs for crashes or memory corruption related to XSLT requests may help. Specific commands to detect exploitation attempts are not detailed in the provided resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the Hiawatha web server to a version later than 11.7 where this double free vulnerability in the XSLT 'show_index' functionality is fixed. If an upgrade is not immediately possible, disabling XSLT support or the 'show_index' feature in the server configuration can reduce exposure. Additionally, restricting access to XML files that trigger XSLT processing or applying firewall rules to limit unauthenticated access to the vulnerable endpoints may help mitigate risk. Careful review and hardening of the server's handling of XSLT transformations and parameters is recommended. [1]