CVE-2025-57785
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-26

Last updated on: 2026-02-13

Assigner: CERT/CC

Description
A Double Free in XSLT `show_index` has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-26
Last Modified
2026-02-13
Generated
2026-06-16
AI Q&A
2026-01-26
EPSS Evaluated
2026-06-14
NVD
CVE-2025-57785
EUVD
EUVD-2025-206341
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hiawatha.leisink hiawatha_webserver 11.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-415 The product calls free() twice on the same memory address.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-57785 is a Double Free vulnerability in the XSLT 'show_index' functionality of the Hiawatha webserver version 11.7. This flaw allows an unauthenticated attacker to corrupt memory by freeing the same memory twice during the processing of XSLT transformations, which can lead to arbitrary code execution on the server. The vulnerability arises from improper memory management in the XSLT processing code, specifically related to handling parameters and applying XSLT stylesheets to XML data. [1]

Impact Analysis

This vulnerability can allow an unauthenticated attacker to execute arbitrary code on the affected Hiawatha webserver, potentially leading to full system compromise. By exploiting the double free flaw, an attacker could corrupt memory, crash the server, or run malicious code with the privileges of the webserver process, resulting in data breaches, service disruption, or unauthorized access. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for abnormal behavior related to the XSLT processing in the Hiawatha web server, especially around requests that trigger the 'show_index' functionality with XML and XSLT files. Since the vulnerability is a double free in the XSLT processing code, direct detection commands are not provided in the resources. However, you can check the version of Hiawatha web server to see if it is version 11.7, which is vulnerable. For example, use commands like `hiawatha -v` or check the package version. Additionally, monitoring logs for crashes or memory corruption related to XSLT requests may help. Specific commands to detect exploitation attempts are not detailed in the provided resources. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading the Hiawatha web server to a version later than 11.7 where this double free vulnerability in the XSLT 'show_index' functionality is fixed. If an upgrade is not immediately possible, disabling XSLT support or the 'show_index' feature in the server configuration can reduce exposure. Additionally, restricting access to XML files that trigger XSLT processing or applying firewall rules to limit unauthenticated access to the vulnerable endpoints may help mitigate risk. Careful review and hardening of the server's handling of XSLT transformations and parameters is recommended. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57785. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart