Lighthouse Studio - RCE (CVE-2025-34300)

CVE-2025-34300 is a critical template injection vulnerability in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14, specifically within the ciwweb.pl Perl web application. This flaw allows unauthenticated attackers to execute arbitrary commands on the affected system, potentially leading to full remote compromise and control. Attackers could leverage this vulnerability to steal data, disrupt operations, or deploy further malicious payloads.

CrowdSec has been tracking this vulnerability and its exploits since 24th of July 2025.

According to CrowdSec data, while opportunistic exploitation dominates, a portion of threat actors trying to exploit CVE-2025-34300 apply basic targeting methods such as port or service detection. This indicates emerging patterns of selective targeting. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2025-34300 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2025-34300 is currently experiencing high visibility and active exploitation across the internet.

Attackers exploit the Lighthouse Studio ciwweb.pl endpoint by injecting Perl code into the hid_Random_ACARAT query parameter, enabling unauthenticated remote code execution via unsafe eval usage.