Vulnerability Details CVE-2025-57784
Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.5%
CVSS Severity
CVSS v3 Score 3.3
Products affected by CVE-2025-57784
-
cpe:2.3:a:hiawatha-webserver:hiawatha:11.7