CVE-2025-34300

Summary

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the  ciwweb.pl http://ciwweb.pl/  Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary commands.

Affected Software

VendorProductVersion RangeStatus
Sawtooth SoftwareLighthouse Studio0 < 9.16.14affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation
  • CWE-1336: CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References