CVE-2025-34300 CRITICAL

CVE-2025-34300: Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE

Vendor Sawtooth Software
Product Lighthouse Studio
Weakness CWE-20 · Input validation
Published July 16, 2025
Last update May 26, 2026

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the  ciwweb.pl http://ciwweb.pl/  Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary commands.

Key dates

02Disclosure timeline

July 16, 2025 CVE published
May 26, 2026 Record updated