CVE-2025-57785

6.5 MEDIUM

📋 TL;DR

A double free in the show_index() function of src/xslt.c in Hiawatha webserver 11.7 lets an unauthenticated remote attacker corrupt heap memory, which at worst could lead to arbitrary code execution and more commonly crashes the server. It affects every system running the vulnerable version with XSLT processing built in and enabled; installations that never use XSLT do not reach the affected code.

💻 Affected Systems

Products:
  • Hiawatha Webserver
Versions: Version 11.7 specifically
Operating Systems: Linux, BSD, Unix-like systems
Default Config Vulnerable: ⚠️ Only when XSLT processing is enabled (see Notes)
Notes: Requires Hiawatha to have been built with XSLT support and to actually use it at runtime; show_index() renders directory listings through XSLT. The vulnerable code lives in src/xslt.c. The reference link below is a blame view of the master branch pointing at line 675, so that line number will drift as the file changes.

📦 What is this software?

Hiawatha is a small open-source HTTP server written in C by Hugo Leisink, designed with a security focus and used mainly on Linux and BSD systems. Its optional XSLT support is used to transform XML content and to render directory listings from an XSLT stylesheet; that directory-listing path is where the affected function show_index() lives.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with webserver privileges, allowing complete system compromise.

🟠

Likely Case

Denial of service through webserver crash or memory corruption.

🟢

If Mitigated

Limited impact if XSLT processing is disabled (the affected code is never reached) or if allocator hardening turns the double free into an abort: glibc's heap checks detect most double frees and kill the process, which leaves a crash and a restart rather than code execution. Running the server as an unprivileged account further bounds what a successful exploit can reach.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation possible against internet-facing webservers.
🏢 Internal Only: MEDIUM - Internal attackers could exploit, but requires network access to webserver.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Turning a double free into code execution requires controlling the heap layout between the two frees and getting past the allocator's own consistency checks; without that level of control the realistic outcome is an abort or segmentation fault, i.e. denial of service. Double frees have nonetheless been weaponized often enough that the worst case cannot be ruled out.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 11.8 or later

Vendor Advisory: none located; the reference below is the affected source location in the upstream repository, not an advisory: https://gitlab.com/hsleisink/hiawatha/-/blame/master/src/xslt.c?ref_type=heads#L675

Restart Required: Yes

Instructions:

1. Download the latest Hiawatha version from the official repository.
2. Stop the Hiawatha service.
3. Install the new version.
4. Restart the Hiawatha service.

🔧 Temporary Workarounds

Disable XSLT Processing

linux

Disable XSLT functionality in the Hiawatha configuration so that the vulnerable show_index() code path is never reached.

Edit hiawatha.conf and remove or comment out the XSLT-related directives: a ShowIndex directive whose value is an XSLT file (ShowIndex = yes or no produces a plain listing and does not use XSLT) and UseXSLT = yes, in both the global section and every VirtualHost or Directory block. Confirm the directive names against the hiawatha.conf manual page shipped with your version, then restart the service.

🧯 If You Can't Patch

  • Disable XSLT processing in Hiawatha configuration
  • Implement network segmentation to restrict access to webserver

🔍 How to Verify

Check if Vulnerable:

Run hiawatha -v; an installation that reports version 11.7 is affected if it was built with XSLT support and has XSLT directives configured.

Check Version:

hiawatha -v

Verify Fix Applied:

Verify version is 11.8 or later with 'hiawatha -v'
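The workaround and verification steps above, as an added example (not part of the page or of the Hiawatha project's own tooling). It audits a hiawatha.conf for the directives that route requests through the XSLT code, writes a hardened copy with those directives commented out, and checks a hiawatha -v banner for the affected release. It assumes the directive names ShowIndex (an XSLT file as value enables XSLT directory listings; yes/no do not) and UseXSLT, and a banner of the form "Hiawatha v11.7, copyright ..."; the sample configuration embedded in it is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not Hiawatha project code): audit hiawatha.conf for the
# directives that activate the XSLT code, produce a hardened copy, and check
# a "hiawatha -v" banner for the affected release.
# Assumptions: directives ShowIndex (XSLT file as value) and UseXSLT = yes;
# banner format "Hiawatha v11.7, copyright ...".
# Usage: sh hiawatha-xslt-audit.sh   (runs on the constructed sample below)

# awk helper shared by the audit and the hardening step: is_xslt(line) is 1
# when the line (comments stripped) is an XSLT-activating directive.
XSLT_AWK='
function is_xslt(line,   n, v, eq) {
    sub(/#.*$/, "", line)
    eq = index(line, "=")
    if (eq == 0) return 0
    n = tolower(substr(line, 1, eq - 1)); gsub(/[ \t]/, "", n)
    v = tolower(substr(line, eq + 1));    gsub(/^[ \t]+|[ \t]+$/, "", v)
    if (n == "showindex") return (v != "yes" && v != "no" && v != "")
    if (n == "usexslt")   return (v == "yes")
    return 0
}'

# List XSLT-activating directives as file:line: text. Exit 0 if any, 1 if none.
hiawatha_xslt_directives() {
    awk "$XSLT_AWK"'
        is_xslt($0) { print FILENAME ":" NR ": " $0; found = 1 }
        END         { if (found) exit 0; exit 1 }' "$1"
}

# Write "$2": a copy of "$1" with XSLT-activating directives commented out.
hiawatha_disable_xslt() {
    awk "$XSLT_AWK"'
        is_xslt($0) { print "# disabled pending Hiawatha 11.8 (CVE-2025-57785): " $0; next }
                    { print }' "$1" > "$2"
}

# Extract "11.7" from a banner such as "Hiawatha v11.7, copyright (c) ...".
hiawatha_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*v\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Exit 0 when the banner reports the affected release (exactly 11.7).
hiawatha_version_affected() {
    [ "$(hiawatha_version_from_banner "$1")" = "11.7" ]
}

# Wrapper for a live host: exit 2 = binary not on PATH, 0 = affected, 1 = not.
hiawatha_installed_affected() {
    command -v hiawatha >/dev/null 2>&1 || return 2
    hiawatha_version_affected "$(hiawatha -v 2>&1 | head -n 1)"
}

# Constructed sample configuration (not taken from any real deployment).
hiawatha_write_sample_conf() {
    cat > "$1" <<'EOF'
ServerId = www-data
# ShowIndex = yes   (plain listing; yes/no never touch the XSLT code)
VirtualHost {
    Hostname = www.example.com
    WebsiteRoot = /var/www/example
    ShowIndex = /etc/hiawatha/index.xslt
    UseXSLT = yes
}
VirtualHost {
    Hostname = static.example.com
    WebsiteRoot = /var/www/static
    ShowIndex = no
}
EOF
}

# Demonstration on the sample when the script is run directly.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
hiawatha_write_sample_conf "$tmp/hiawatha.conf"
echo "XSLT-activating directives in sample:"
hiawatha_xslt_directives "$tmp/hiawatha.conf" || echo "(none)"
hiawatha_disable_xslt "$tmp/hiawatha.conf" "$tmp/hiawatha.conf.hardened"
echo "After hardening:"
hiawatha_xslt_directives "$tmp/hiawatha.conf.hardened" || echo "(none)"
```

On a real host, point hiawatha_xslt_directives at /etc/hiawatha/hiawatha.conf (or whatever hiawatha -c selects), review the hardened copy before swapping it in, and re-run the audit after the restart; hiawatha_installed_affected can be dropped into an inventory script to find 11.7 installations across a fleet.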

📡 Detection & Monitoring

Log Indicators:

  • Unexpected webserver crashes
  • Memory corruption errors in system logs
  • Bursts of requests for directory URLs (the path that triggers XSLT index generation) on hosts where ShowIndex points at an XSLT file, especially from a single source shortly before a crash

Network Indicators:

  • Repeated requests for the same directory listings from one client, or malformed requests aimed at XSLT-served content
  • Unusual traffic patterns to webserver

SIEM Query:

A double free in a glibc process ends in an abort ("free(): double free detected" on stderr) or a segmentation fault; both are recorded by the system journal or syslog and by the service manager, not in Hiawatha's access log, so the query must cover those sources as well:

(source="hiawatha.log" OR source="syslog" OR source="journal") AND ("segfault" OR "segmentation fault" OR "double free" OR "SIGABRT" OR "SIGSEGV" OR "status=6/ABRT" OR "status=11/SEGV")
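The detection logic above, as an added example (not part of the page or of the Hiawatha project): it picks crash signatures for a Hiawatha process out of journal or syslog lines and flags hours with a burst of them. The line formats it matches are assumed (glibc malloc-check messages, systemd "Main process exited" lines and kernel segfault lines) and the journal excerpt embedded in it is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not Hiawatha project code): flag crash signatures for a
# Hiawatha process in journal/syslog output and report per-hour bursts.
# Assumed line formats: glibc abort messages, systemd unit exit lines
# ("Main process exited, code=killed, status=6/ABRT"), kernel segfault lines.
# Usage: sh hiawatha-crash-detect.sh /var/log/syslog   (sample used when no args)

# Print lines matching a crash signature for a Hiawatha process.
# Exit status is grep's: 0 = at least one hit, 1 = none.
hiawatha_crash_signatures() {
    grep -E -i \
        -e 'double free (detected|or corruption)' \
        -e 'free\(\): invalid pointer' \
        -e 'hiawatha(\.service)?: Main process exited, code=(killed|dumped), status=(6/ABRT|11/SEGV)' \
        -e 'hiawatha\[[0-9]+\]: segfault at' \
        "$@"
}

# Count crash signatures per hour (syslog "Mon DD HH:MM:SS" timestamps) and
# print "COUNT Mon DD HH:00" for every hour at or above the threshold in $2.
hiawatha_crash_bursts() {
    hiawatha_crash_signatures "$1" | awk -v th="$2" '
        { split($3, t, ":"); key = $1 " " $2 " " t[1] ":00"; c[key]++ }
        END { for (k in c) if (c[k] >= th) print c[k], k }' | sort
}

# Constructed sample journal excerpt (not from a real host): one abort and
# one segfault of the Hiawatha worker within the same hour, plus noise.
hiawatha_write_sample_journal() {
    cat > "$1" <<'EOF'
Jan 12 09:40:00 web1 systemd[1]: Started Hiawatha webserver.
Jan 12 09:41:03 web1 hiawatha[1342]: free(): double free detected in tcache 2
Jan 12 09:41:03 web1 systemd[1]: hiawatha.service: Main process exited, code=killed, status=6/ABRT
Jan 12 09:41:03 web1 systemd[1]: hiawatha.service: Failed with result 'signal'.
Jan 12 09:41:04 web1 systemd[1]: hiawatha.service: Scheduled restart job, restart counter is at 1.
Jan 12 09:52:17 web1 kernel: hiawatha[1398]: segfault at 20 ip 00007f0c2a3e1b40 sp 00007ffd41c0e2a0 error 4 in libc.so.6[7f0c2a36a000+195000]
Jan 12 09:52:17 web1 systemd[1]: hiawatha.service: Main process exited, code=dumped, status=11/SEGV
Jan 12 10:03:55 web1 sshd[2011]: Accepted publickey for ops from 10.0.0.5 port 51822
EOF
}

# Demonstration on the sample when run without a log file argument.
if [ $# -eq 0 ]; then
    tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
    hiawatha_write_sample_journal "$tmp/journal.log"
    set -- "$tmp/journal.log"
fi
echo "Crash signatures:"
hiawatha_crash_signatures "$@" || echo "(none)"
echo "Hours with 3 or more crash signatures:"
hiawatha_crash_bursts "$1" 3
```

A single abort is worth a look on its own; several within an hour on a host that still runs 11.7 with XSLT directives configured should be treated as a probable exploitation attempt, and the access log for that window should be pulled for directory requests from the same client.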
