PT-2025-29823 · Hyperledger · Sawtooth Lighthouse Studio

Adam Kues

Publicado

2025-04-09

Atualizado

2025-09-15

CVE-2025-34300

CVSS v4.0

Crítica

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions Sawtooth Lighthouse Studio versions prior to 9.16.14

Description A template injection vulnerability exists in the Perl web application ciwweb.pl within Sawtooth Lighthouse Studio, allowing unauthenticated attackers to execute arbitrary commands. Approximately 480 services are potentially affected worldwide.

Recommendations Update Sawtooth Lighthouse Studio to version 9.16.14 or later.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-1336

Identificadores relacionados

BDU:2025-09256

CVE-2025-34300

Produtos afetados

Sawtooth Lighthouse Studio

PT-2025-29823 · Hyperledger · Sawtooth Lighthouse Studio

CVE-2025-34300

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 17