PT-2025-29823 · Hyperledger · Sawtooth Lighthouse Studio
Adam Kues · Published 2025-04-09 · Updated 2025-09-15
CVE-2025-34300
CVSS v4.0: 10 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions
Sawtooth Lighthouse Studio versions prior to 9.16.14
Description
A template injection vulnerability exists in the Perl web application ciwweb.pl within Sawtooth Lighthouse Studio, allowing unauthenticated attackers to execute arbitrary commands. Approximately 480 services are potentially affected worldwide.
Recommendations
Update Sawtooth Lighthouse Studio to version 9.16.14 or later.
Exploit
Fix
RCE
Affected Products
Sawtooth Lighthouse Studio