Sawtooth Software

A critical remote code execution vulnerability (CVE-2025-34300) has been discovered in Lighthouse Studio, a survey software platform developed by Sawtooth Software. This vulnerability affects the Perl CGI scripts that power web-based surveys, potentially exposing thousands of hosting servers to complete compromise. The flaw resides in the server-side components, where a templating engine processes user input without proper sanitization. Security researchers found that the software’s templating system evaluates content between [% %] markers as executable Perl code, creating a direct pathway for remote code execution. This issue amplifies the potential attack surface and complicates remediation efforts due to the proliferation of vulnerable script instances across web infrastructures.

Source: https://cybersecuritynews.com/lighthouse-studio-rce-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/sawtooth-software

{
  "id": "saw719072225",
  "linkid": "sawtooth-software",
  "type": "Vulnerability",
  "date": "7/2025",
  "severity": "100",
  "impact": "",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Survey Software',
                        'name': 'Sawtooth Software',
                        'type': 'Software Developer'}],
 'attack_vector': 'Web-based survey links',
 'date_publicly_disclosed': '2025-07-09',
 'description': 'A critical remote code execution vulnerability '
                '(CVE-2025-34300) has been discovered in Lighthouse Studio, a '
                'survey software platform developed by Sawtooth Software. The '
                'flaw affects Perl CGI scripts that power web-based surveys, '
                'potentially exposing thousands of hosting servers to complete '
                'compromise by attackers who possess a survey link.',
 'impact': {'systems_affected': 'Thousands of hosting servers'},
 'initial_access_broker': {'entry_point': 'Survey links'},
 'post_incident_analysis': {'corrective_actions': ['Update to version 9.16.14'],
                            'root_causes': 'Inadequate input sanitization in '
                                           'the templating engine'},
 'recommendations': ['Organizations should immediately update to the patched '
                     'version 9.16.14 to prevent potential compromise of their '
                     'hosting infrastructure.'],
 'references': [{'source': 'Assetnote'}],
 'response': {'remediation_measures': ['Update to version 9.16.14']},
 'title': 'Critical Remote Code Execution Vulnerability in Lighthouse Studio',
 'type': 'Remote Code Execution',
 'vulnerability_exploited': 'CVE-2025-34300'}