Critical severityNVD Advisory· Published Jul 16, 2025· Updated Apr 15, 2026

CVE-2025-34300

Description

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl http://ciwweb.pl/ Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary commands.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sawtoothsoftware.com/resources/software-downloads/lighthouse-studio/version-historynvd
slcyber.io/assetnote-security-research-center/rce-in-the-most-popular-survey-software-youve-never-heard-of/nvd
www.vulncheck.com/advisories/sawtooth-software-lighthouse-studio-preauthentication-rcenvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.057
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000