VDB

CVE-2025-34300

CVE-2025-34300 PUBLISHED CVSS 10 CRITICAL

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the  ciwweb.pl http://ciwweb.pl/  Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary commands.

EPSS 73.65% · 98.8th percentile

Risk Scores

CVSS 4.0
10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS Score
73.65%
98.8th percentile

Affected Products

VendorProductVersions
Sawtooth SoftwareLighthouse Studio*

Timeline

  • Jan 21, 1970 VulnCheck XDB Entry
  • Jan 21, 1970 CrowdSec Sighting
  • Jun 10, 2021 CrowdSec Sighting
  • Oct 21, 2021 CrowdSec Sighting
  • Mar 18, 2022 CrowdSec Sighting
  • Mar 9, 2023 CrowdSec Sighting
  • Mar 26, 2023 CrowdSec Sighting
  • Sep 6, 2023 CrowdSec Sighting
  • Oct 15, 2023 CrowdSec Sighting
  • Nov 6, 2023 CrowdSec Sighting
  • Nov 6, 2023 CrowdSec Sighting
  • Feb 6, 2024 CrowdSec Sighting
Open in Interactive Console →
$ Console Community · 100/wk Open console ›