module
Template Injection Vulnerability in Sawtooth Software's Lighthouse Studio (CVE-2025-34300)
| Disclosed |
|---|
| Jul 16, 2025 |
Disclosed
Jul 16, 2025
Description
This module exploits a template injection vulnerability in the
Sawtooth Software Lighthouse Studio's `ciwweb.pl` web application.
The application fails to properly sanitize user input within survey templates,
allowing unauthenticated attackers to inject and execute arbitrary Perl commands
on the target system.
This vulnerability affects Lighthouse Studio versions prior to 9.16.14.
Successful exploitation may result in remote code execution under the privileges
of the web server, potentially exposing sensitive data or disrupting survey operations.
An attacker can execute arbitrary system commands in the context of the user running the web server.
Sawtooth Software Lighthouse Studio's `ciwweb.pl` web application.
The application fails to properly sanitize user input within survey templates,
allowing unauthenticated attackers to inject and execute arbitrary Perl commands
on the target system.
This vulnerability affects Lighthouse Studio versions prior to 9.16.14.
Successful exploitation may result in remote code execution under the privileges
of the web server, potentially exposing sensitive data or disrupting survey operations.
An attacker can execute arbitrary system commands in the context of the user running the web server.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.