CVE-2025-57783

MEDIUM

Hiawatha 11.7 - Unauthenticated Request Smuggling via Improper Header Parsing

Title source: llm

Description

Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver.

References (1)

Core 1

Core References

Various Sources

https://gitlab.com/hsleisink/hiawatha/-/blame/master/src/http.c?ref_type=heads#L205

View Writeup ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0001

EPSS Percentile 1.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

Status published

Products (1)

hiawatha-webserver/hiawatha 11.7

Published Jan 26, 2026

Tracked Since Feb 18, 2026