Lighthouse Studio RCE Vulnerability Let Attackers Gain Access to Hosting Servers

A critical remote code execution vulnerability has been discovered in Lighthouse Studio, one of the most widely deployed, yet relatively little-known, survey software platforms, developed by Sawtooth Software. The flaw, designated CVE-2025-34300, affects the Perl CGI scripts that power web-based surveys and potentially exposes thousands of hosting servers to complete compromise by attackers who possess nothing more than a survey link.

Security researchers at Assetnote discovered that the software’s templating system evaluates content between [% %] markers as executable Perl code, creating a direct pathway for remote code execution.

Lighthouse Studio operates through a dual architecture: a Windows desktop application for survey creation, and a collection of Perl CGI scripts deployed on web servers to handle respondent interactions. A single company might operate tens or hundreds of vulnerable script instances across its web infrastructure, with no automatic update mechanism to address security patches.

Attackers can exploit the flaw by injecting payloads through the hid_Random_ACARAT parameter, such as [%257*7%25], which the templating engine processes and executes as Perl code. For older software versions that implement basic input filtering, the researchers found a bypass using duplicate parameter names: hid_Random_ACARAT=[%257*7%25]&hid_Random_ACARAT=x.

Sawtooth Software released version 9.16.14 on July 9th, 2025, addressing this critical security flaw. Organizations running Lighthouse Studio should immediately update to the patched version to prevent potential compromise of their hosting infrastructure.
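As an added example (not Assetnote's or Sawtooth Software's code), the following Python detector scans web-server access logs for the two patterns the article describes: template markers ([% ... %]) in query parameters, and a duplicated hid_Random_ACARAT parameter. The article's payload [%257*7%25] is the URL-encoded form of a template block, so values are URL-decoded (up to two layers, to cover double encoding) before matching; the log format, script path and sample lines are constructed for the example.

```python
"""Detect CVE-2025-34300 probe patterns in access logs (added example, constructed data)."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Markers the Lighthouse Studio templating engine evaluates as Perl code.
TEMPLATE_RE = re.compile(r"\[%.*?%\]", re.S)
# Parameter named in the article's bypass; a duplicate of it is suspicious on its own.
BYPASS_PARAM = "hid_Random_ACARAT"
# Minimal Apache/Nginx-style log parser (assumed combined-log layout).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample log: a duplicated-parameter probe, a benign request, a double-encoded probe.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Jul/2025:10:01:02 +0000] "GET /cgi-bin/survey.pl?hid_Random_ACARAT=[%257*7%25]&hid_Random_ACARAT=x HTTP/1.1" 200 512
198.51.100.3 - - [21/Jul/2025:10:01:05 +0000] "GET /cgi-bin/survey.pl?hid_Random_ACARAT=ab12&page=2 HTTP/1.1" 200 2048
203.0.113.7 - - [21/Jul/2025:10:01:09 +0000] "POST /cgi-bin/survey.pl?hid_Random_ACARAT=%5B%2525foo%2525%5D HTTP/1.1" 500 0
"""


def decode_layers(value: str, layers: int = 2) -> str:
    """URL-decode up to `layers` times, stopping early when nothing changes."""
    for _ in range(layers):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyze_request(url: str) -> list:
    """Return human-readable findings for one request path+query (empty list if clean)."""
    findings = []
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)  # parse_qsl decodes once
    if [name for name, _ in pairs].count(BYPASS_PARAM) > 1:
        findings.append(f"duplicate {BYPASS_PARAM} parameter (filter-bypass pattern)")
    for name, value in pairs:
        if TEMPLATE_RE.search(decode_layers(value)):
            findings.append(f"template marker in parameter {name!r}")
    return findings


def scan_log(text: str) -> list:
    """Scan access-log text; return (client ip, url, findings) for each flagged request."""
    hits = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # unparseable line; a production scanner would count these
        findings = analyze_request(match.group("url"))
        if findings:
            hits.append((match.group("ip"), match.group("url"), findings))
    return hits


if __name__ == "__main__":
    for ip, url, findings in scan_log(SAMPLE_LOG):
        print(ip, url, "; ".join(findings))
```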

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 21 Jul 2025 11:45:10 +0000


