Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2025-34300

🗓️ 16 Jul 2025 12:57:27Reported by VulnCheckType 
cve
 cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 63 Views🌐 WEB

CVE-2025-34300 vulnerability in Sawtooth Lighthouse Studio allows pre-authentication RCE attacks.

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
ATTACKERKB		CVE-2025-34300
16 Jul 202512:57
attackerkb
Circl		CVE-2025-34300
16 Jul 202512:25
circl
CNNVD		Sawtooth Lighthouse Studio 安全漏洞
16 Jul 202500:00
cnnvd
Cvelist		CVE-2025-34300 Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE
16 Jul 202512:57
cvelist
EUVD		EUVD-2025-21694
16 Jul 202512:57
euvd
GithubExploit		Exploit for CVE-2025-34300
1 Sep 202514:06
githubexploit
Metasploit		Template Injection Vulnerability in Sawtooth Software's Lighthouse Studio (CVE-2025-34300)
9 Sep 202518:55
metasploit
Nuclei		SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution
6 Jun 202603:01
nuclei
NVD		CVE-2025-34300
16 Jul 202513:15
nvd
Packet Storm		📄 Sawtooth Software Lighthouse Studios Template Injection
9 Sep 202500:00
packetstorm
Rows per page
Vulners
Node
sawtooth_softwarelighthouse_studioRange09.16.14
[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "ciwweb.pl"
    ],
    "product": "Lighthouse Studio",
    "vendor": "Sawtooth Software",
    "versions": [
      {
        "lessThan": "9.16.14",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
hid_javascriptquery paramcgi-bin/ciwweb.plTemplate injection vulnerability leading to remote code execution via unsanitized user input in Lighthouse Studio ciwweb.pl; unauthenticated exploitation possible (CVE-2025-34300).CWE-20CWE-1336
hid_Random_ACARATquery paramcgi-bin/ciwweb.plTemplate injection vulnerability leading to remote code execution via unsanitized user input in Lighthouse Studio ciwweb.pl; unauthenticated exploitation possible (CVE-2025-34300).CWE-20CWE-1336

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 May 2026 11:51Current
7.3High risk
Vulners AI Score7.3
CVSS 410
EPSS0.73648
SSVC
CWE-20CWE-1336In Wild
sawtooth softwarelighthouse studiopre-authenticationtemplate injectionremote command execution
63