Template Injection Vulnerability in Sawtooth Software's Lighthouse Studio
CVE-2025-34300
Key Information:
- Vendor: Sawtooth Software
- Status
- Vendor
- CVE Published: 16 July 2025
What is CVE-2025-34300?
CVE-2025-34300 is a template injection vulnerability in Sawtooth Software's Lighthouse Studio, a widely used application for surveys and data collection. It allows an unauthenticated attacker to execute arbitrary commands through ciwweb.pl, the Perl web application used within Lighthouse Studio. Versions prior to 9.16.14 are affected, so organizations running this software need to be aware of the risk. If the flaw is exploited, attackers could gain unauthorized access to the system, potentially compromising sensitive data and causing severe operational disruption.
Potential Impact of CVE-2025-34300
- Unauthorized Access and Command Execution: This vulnerability could allow malicious actors to run arbitrary commands on the server, leading to complete control over the affected system.
- Data Breaches: Given the nature of the software, an attacker could exploit the vulnerability to access sensitive data collected through surveys, resulting in data leaks or loss of confidentiality.
- Operational Disruption: Exploitation could lead to significant downtime and resource allocation for remediation, impacting organizational efficiency and potentially leading to financial losses.
Affected Version(s)
Lighthouse Studio * < 9.16.14
News Articles
CVE-2025-34300 - Sawtooth Software Lighthouse Studio Template Injection
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands.
Timeline
- 👾 Exploit known to exist
- 📰 First article discovered by CVEFeed.io
- Vulnerability published
- Vulnerability Reserved