Metasploit Weekly Wrap-Up


New Lighthouse Studio RCE module

This week we’ve added a new module that exploits an unauthenticated template injection vulnerability (CVE-2025-34300) in Sawtooth Software’s Lighthouse Studio, allowing arbitrary Perl execution via survey templates in versions prior to 9.16.14. The module can exploit surveys hosted on either Linux or Windows servers. Thanks to the original exploit researchers, Adam Kues and Maksim Rogov, and to community contributor vognik for writing the module; community submissions like this are always much appreciated, as they keep the framework up to date with the latest and greatest exploits and help improve visibility for those affected.

New module content (2)

Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE (time param)

Author: Valentin Lobstein

Type: Exploit

Pull request: #20455 contributed by Chocapikk 

Path: linux/http/aitemi_m300_time_rce 

AttackerKB reference: CVE-2025-34152

Description: This adds an exploit module for the Shenzhen Aitemi M300 MT02. Exploiting the RCE vulnerability executes commands and payloads as the root user.

Template Injection Vulnerability in Sawtooth Software’s Lighthouse Studio (CVE-2025-34300)

Authors: Adam Kues and Maksim Rogov

Type: Exploit

Pull request: #20397 contributed by vognik 

Path: multi/http/lighthouse_studio_unauth_rce_cve_2025_34300 

AttackerKB reference: CVE-2025-34300

Description: This adds a module that exploits a template injection vulnerability in the ciwweb.pl web application of Sawtooth Software’s Lighthouse Studio in versions prior to 9.16.14. The application fails to properly sanitize user input within survey templates, allowing unauthenticated attackers to inject and execute arbitrary Perl commands on the target system. The commands run in the context of the user running the web server.

Enhancements and features (1)

  • #19653 from Mathiou04 – Fixes multiple bugs in credential generation and refactors the code to improve readability.

Bugs fixed (2)

  • #20511 from mwalas-r7 – This fixes SNI functionality in the auxiliary/scanner/ssl/ssl_version module so it can target hosts with multiple names.
  • #20516 from adfoster-r7 – Fixes msfdb init failures on NixOS.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition, Metasploit Pro.


