SentinelOne
CVE Vulnerability Database
Vulnerability Database/CVE-2025-34300

CVE-2025-34300: Lighthouse Studio Template Injection RCE

CVE-2025-34300 is a template injection vulnerability in Sawtooth Software's Lighthouse Studio that enables remote code execution. Unauthenticated attackers can exploit this flaw to run arbitrary commands on affected systems.

Updated:

CVE-2025-34300 Overview

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands.

Critical Impact

This vulnerability allows remote code execution without any authentication, making it extremely dangerous.

Affected Products

  • Lighthouse Studio (versions prior to 9.16.14)

Discovery Timeline

  • Not Available - Vulnerability discovered by Not Available
  • Not Available - Responsible disclosure to Not Available
  • Not Available - CVE CVE-2025-34300 assigned
  • Not Available - Not Available releases security patch
  • 2025-07-16 - CVE CVE-2025-34300 published to NVD
  • 2025-11-04 - Last updated in NVD database

Technical Details for CVE-2025-34300

Vulnerability Analysis

The vulnerability is classified under CWE-20, indicating a lack of proper input validation, allowing for template injection. This can be exploited remotely via the web application interface, potentially leading to arbitrary remote code execution.

Root Cause

The underlying issue is improper input validation in the ciwweb.pl application, failing to sanitize user input that is used in Perl template processing.

Attack Vector

Attackers can exploit this vulnerability over a network by sending crafted HTTP requests to the affected application.

perl
# Example exploitation code (sanitized)
use LWP::UserAgent;

my $ua = LWP::UserAgent->new;
my $url = "http://vulnerable-host/ciwweb.pl";

my $response = $ua->post($url, { template => 'malicious_code_here' });

if ($response->is_success) {
    print "Exploitation successful: " . $response->decoded_content;
} else {
    print "Failed: " . $response->status_line;
}

Detection Methods for CVE-2025-34300

Indicators of Compromise

  • Unusual HTTP requests to ciwweb.pl
  • Unexpected output from ciwweb.pl
  • Execution of unauthorized commands on the server

Detection Strategies

Deploy network monitoring to capture HTTP requests specifically targeting the ciwweb.pl endpoint. Analyze logs for suspicious patterns that match known exploit payloads.

Monitoring Recommendations

Leverage SentinelOne’s endpoint protection to monitor execution chains arising from the affected web application. Use behavior-based rules to highlight anomalous command executions post user interaction with ciwweb.pl.

How to Mitigate CVE-2025-34300

Immediate Actions Required

  • Disable access to ciwweb.pl immediately
  • Isolate affected systems from the network
  • Conduct a thorough security review of the application code

Patch Information

Sawtooth Software has released version 9.16.14 and later, which includes a fix for this vulnerability. All users should update to the latest version immediately.

Workarounds

Restrict access to the ciwweb.pl endpoint using firewall rules or access control lists until the patch can be applied.

bash
# Configuration example
iptables -A INPUT -p tcp --dport 80 -m string --string "ciwweb.pl" --algo kmp -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne