What is CVE-2025-34300?

CVE-2025-34300 is a vulnerability in Sawtooth Software Lighthouse Studio, classified under Improper Input Validation. Published 2025-07-16.

Is CVE-2025-34300 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Sawtooth Software Lighthouse Studio

CVE-2025-34300

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl http://ciwweb.pl/ Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.736 (98.8th percentile) — read the EPSS interpretation.

Affected products

Sawtooth Software Lighthouse Studio — versions 0

Weakness classification (CWE)

Public proof-of-concept exploits

References

sawtoothsoftware.com/resources/software-downloads/lighthouse-studio/version-his… (product, patch)
slcyber.io/assetnote-security-research-center/rce-in-the-most-popular-survey-so… (technical-description)
www.vulncheck.com/advisories/sawtooth-software-lighthouse-studio-preauthenticat… (third-party-advisory)

Frequently asked questions

What is CVE-2025-34300?: CVE-2025-34300 is a vulnerability in Sawtooth Software Lighthouse Studio, classified under Improper Input Validation. Published 2025-07-16.
Is CVE-2025-34300 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.