Vulnerability Description
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl http://ciwweb.pl/ Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary commands.
Related Weaknesses (CWE)
References
- https://sawtoothsoftware.com/resources/software-downloads/lighthouse-studio/vers
- https://slcyber.io/assetnote-security-research-center/rce-in-the-most-popular-su
- https://www.vulncheck.com/advisories/sawtooth-software-lighthouse-studio-preauth
- https://slcyber.io/assetnote-security-research-center/rce-in-the-most-popular-su
FAQ
What is CVE-2025-34300?
CVE-2025-34300 is a documented vulnerability. A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl http://ciwweb.pl/ Perl web application. Exploitation allows an unauthen...
How severe is CVE-2025-34300?
CVSS scoring is not yet available for CVE-2025-34300. Check NVD for updates.
Is there a patch for CVE-2025-34300?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.