13 matches found

Nuclei
added yesterday, 17 views

SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution

A pre-authentication remote code execution vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14. The issue arises from the unsafe use of the eval function within the Perl CGI component ciwweb.pl, where attacker-supplied input inside hidRandomACARAT is directly...

CVSS: 10 | AI score: 6.9 | EPSS: 0.73648
Exploits: 4 | References: 3

Packet Storm
added 2026/02/19 12:0 a.m., 110 views

Sawtooth Lighthouse Studio 9.16.14 Remote Command Execution

Sawtooth Lighthouse Studio version 9.16.14 proof of concept remote command execution exploit. Title: Sawtooth Lighthouse Studio 9.16.14 RCE | Author:...

CVSS: 10 | AI score: 5.8 | EPSS: 0.73648
Exploits: 4

Rapid7 Blog
added 2025/09/12 7:51 p.m., 5 views

Metasploit Wrap-Up 09/12/25

New LightHouse Studio RCE module: This week we've added a new module that exploits an unauthenticated template injection vulnerability, CVE-2025-34300, in Sawtooth Software’s Lighthouse Studio, allowing arbitrary Perl execution via survey templates in versions prior to 9.16.14. This module has the...

CVSS: 10 | AI score: 8.3 | EPSS: 0.73648
Exploits: 9

Metasploit
added 2025/09/09 6:55 p.m., 699 views

Template Injection Vulnerability in Sawtooth Software's Lighthouse Studio (CVE-2025-34300)

This module exploits a template injection vulnerability in the Sawtooth Software Lighthouse Studio's ciwweb.pl web application. The application fails to properly sanitize user input within survey templates, allowing unauthenticated attackers to inject and execute arbitrary Perl commands on the...

CVSS: 10 | AI score: 7.1 | EPSS: 0.73648
Exploits: 4

VulnCheck KEV
added 2025/08/07 12:0 a.m., 9 views

VulnCheck KEV: CVE-2025-34300

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands...

CVSS: 10 | AI score: 6 | EPSS: 0.73648
In wild | Exploits: 4 | References: 2

Tenable Nessus
added 2025/07/28 12:0 a.m., 2 views

Lighthouse Studio < 9.16.14 Remote Code Execution

Lighthouse Studio version 9.16.3 and earlier is vulnerable to a remote code execution through the ciwweb.pl Perl web application. This vulnerability allows an attacker to execute arbitrary code on the server by sending a specially crafted request to the ciwweb.pl script. No source data...

CVSS: 10 | AI score: 8.7 | EPSS: 0.73648
Exploits: 4 | References: 2

RedhatCVE
added 2025/07/18 1:58 p.m., 3 views

CVE-2025-34300

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands...

CVSS: 10 | AI score: 8.1 | EPSS: 0.73648
Exploits: 4 | References: 1

NVD
added 2025/07/16 1:15 p.m., 4 views

CVE-2025-34300

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands...

CVSS: 10 | EPSS: 0.73648
Exploits: 4 | References: 3

CVE
added 2025/07/16 12:57 p.m., 64 views

CVE-2025-34300

Sawtooth Software Lighthouse Studio

CVSS: 10 | AI score: 7.3 | EPSS: 0.73648
In wild | Exploits: 4 | References: 3

EUVD
added 2025/07/16 12:57 p.m., 3 views

EUVD-2025-21694

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands...

CVSS: 10 | AI score: 7.8 | EPSS: 0.73648
Exploits: 4 | References: 2

Cvelist
added 2025/07/16 12:57 p.m., 10 views

CVE-2025-34300 Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands...

CVSS: 10 | EPSS: 0.73648
Exploits: 4 | References: 3

Vulnrichment
added 2025/07/16 12:57 p.m., 3 views

CVE-2025-34300 Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands...

CVSS: 10 | AI score: 7.2 | EPSS: 0.73648
Exploits: 4 | References: 3

CNNVD
added 2025/07/16 12:0 a.m., 1 views

Sawtooth Lighthouse Studio Security Vulnerability

Sawtooth Lighthouse Studio is a federated analytics platform from Sawtooth USA. A security vulnerability exists in Sawtooth Lighthouse Studio versions prior to 9.16.14 that stems from template injection and could lead to the execution of arbitrary commands...

CVSS: 10 | AI score: 7.2 | EPSS: 0.73648
Exploits: 4 | References: 3