VYPR
Unrated severityOSV Advisory· Published Jan 26, 2026· Updated Jan 26, 2026

Tomahawk authentication timing attack due to usage of 'strcmp'

CVE-2025-57784

Description

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Hiawatha/HiawathaOSV2 versions
    9.3.1, v10.0, v10.1, …+ 1 more
    • (no CPE)range: 9.3.1, v10.0, v10.1, …
    • (no CPE)range: =11.7

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.