CVE-2025-34300

CRITICAL EXPLOITED NUCLEI

Template Injection Vulnerability in Sawtooth Software

Title source: metasploit

Exploitation Summary

CVE-2025-34300 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including jisi-001, Maksim Rogov, Adam Kues, including a Metasploit module exploits/multi/http/lighthouse_studio_unauth_rce_cve_2025_34300. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a Python script that checks for the presence of CVE-2025-34300, a template injection vulnerability in Sawtooth Lighthouse Studio. The script sends a crafted HTTP request to detect the vulnerability by checking for a specific response.

Description

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl http://ciwweb.pl/ Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary commands.

Exploits (2)

nomisec SCANNER 1 stars

by jisi-001 · remote

https://github.com/jisi-001/CVE-2025-34300POC

View Code ZIP pw:eip

This repository contains a Python script that checks for the presence of CVE-2025-34300, a template injection vulnerability in Sawtooth Lighthouse Studio. The script sends a crafted HTTP request to detect the vulnerability by checking for a specific response.

Classification

Scanner 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Sawtooth Lighthouse Studio

No auth needed

Prerequisites: Network access to the target system

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Maksim Rogov, Adam Kues · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/lighthouse_studio_unauth_rce_cve_2025_34300.rb

View Code ZIP pw:eip

This Metasploit module exploits a template injection vulnerability in Sawtooth Software's Lighthouse Studio, allowing unauthenticated remote code execution via crafted GET parameters in the `ciwweb.pl` endpoint.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Sawtooth Software Lighthouse Studio < 9.16.14

No auth needed

Prerequisites: Network access to the target's `ciwweb.pl` endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution

CRITICALVERIFIEDby assetnote,DhiyaneshDK,iamnoooob

Shodan: html:"Lighthouse Studio"

References (3)

Core 3

Core References

Various Sources product patch

https://sawtoothsoftware.com/resources/software-downloads/lighthouse-studio/version-history

Various Sources technical-description

https://slcyber.io/assetnote-security-research-center/rce-in-the-most-popular-survey-software-youve-never-heard-of/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/sawtooth-software-lighthouse-studio-preauthentication-rce

Scores

CVSS v4 10.0

EPSS 0.7365

EPSS Percentile 98.8%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2025-08-07

CWE

CWE-1336 CWE-20

Status published

Products (1)

Sawtooth Software/Lighthouse Studio < 9.16.14

Published Jul 16, 2025

Tracked Since Feb 18, 2026