CVE-2025-34300

Critical CVSS 10.0

Overview

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl http://ciwweb.pl/ Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary commands.

CWE: CWE-20 Published: 2025-07-16T13:15:23.823

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 10.0 (CRITICAL)
Detected tags: unauth_access (tag impact: HIGH)

Recommended actions:

Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags