
Sawtooth Software is a leading provider of analytical tools that empower organizations to build predictive models of how their customers make decisions and what aspects of a product or service they value most. Users of our software include Fortune 1000 companies in consumer and B2B markets, government agencies, market research firms, and universities. These organizations use our software for product and pricing research, social policy inquiries, epidemiological studies, academic investigations, and opinion polling. In addition to our products and solutions platform, we offer consulting and educational services. Sawtooth Software hosts a well-respected research conference and software training workshops. The papers presented at our conference are often cited in academic journals, books, and trade publications. Sawtooth Software is a privately owned company located in Provo, Utah.

Sawtooth A.I CyberSecurity Scoring

Company Details

Linkedin ID: sawtooth-software
Employees number: 52
Number of followers: 2,238
NAICS: 5112
Industry Type: Software Development
Homepage: sawtoothsoftware.com
IP Addresses: 0
Company ID: SAW_1854280
Scan Status: In-progress

Sawtooth Risk Score (AI oriented): Between 750 and 799 (powered by Rankiteo's proprietary A.I cyber incident model)

Sawtooth Global Score (TPRM): XXXX

Sawtooth Company CyberSecurity News & History

Past Incidents: 1
Attack Types: 1

Entity: Sawtooth Software
Type: Vulnerability
Severity: 100
Impact: (not stated)
Seen: 6/2025
Blog: (none)
Supply Chain Source: NA
Rankiteo Explanation: Attack threatening the organization’s existence

Description: A critical remote code execution vulnerability (CVE-2025-34300) has been discovered in Lighthouse Studio, a survey software platform developed by Sawtooth Software. This vulnerability affects the Perl CGI scripts that power web-based surveys, potentially exposing thousands of hosting servers to complete compromise. The flaw resides in the server-side components, where a templating engine processes user input without proper sanitization. Security researchers found that the software’s templating system evaluates content between [% %] markers as executable Perl code, creating a direct pathway for remote code execution. This issue amplifies the potential attack surface and complicates remediation efforts due to the proliferation of vulnerable script instances across web infrastructures.


Underwriter Stats for Sawtooth

Incidents vs Software Development Industry Average (This Year): No incidents recorded for Sawtooth in 2026.

Incidents vs All-Companies Average (This Year): No incidents recorded for Sawtooth in 2026.

Incident Types Sawtooth vs Software Development Industry Avg (This Year): No incidents recorded for Sawtooth in 2026.

[Chart: Incident History — Sawtooth (X = Date, Y = Severity); Sawtooth cyber incidents detection timeline including parent company and subsidiaries]

Sawtooth Company Subsidiaries

No subsidiaries are listed for Sawtooth.

Sawtooth Similar Companies

Infor

Infor is a global leader in business cloud software products for companies in industry specific markets. Infor builds complete industry suites in the cloud and efficiently deploys technology that puts the user experience first, leverages data science, and integrates easily into existing systems. Ov

Cadence

Cadence is a market leader in AI and digital twins, pioneering the application of computational software to accelerate innovation in the engineering design of silicon to systems. Our design solutions, based on Cadence’s Intelligent System Design™ strategy, are essential for the world’s leading semic

Alibaba Group

🌍Alibaba Group is on a mission to make it easy to do business anywhere! Guided by our passion and imagination, we’re leading the way in AI, cloud computing and e-commerce. We aim to build the future infrastructure of commerce, and we aspire to be a good company that lasts for 102 years.

Sage

At Sage, we knock down barriers with information, insights, and tools to help your business flow. We provide businesses with software and services that are simple and easy to use, as we work with you to give you that feeling of confidence. Customers trust our Payroll, HR, and Finance software to m

Amdocs

Who are we? Amdocs helps those who build the future to make it amazing. With our market-leading portfolio of software products and services, we unlock our customers’ innovative potential, empowering them to provide next-generation communication and media experiences for both the individual end user

JD.COM

JD.com, also known as JINGDONG, is a leading e-commerce company transferring to be a technology and service enterprise with supply chain at its core. JD.com’s business has expanded across retail, technology, logistics, health, property development, industrials, and international business. Ranking 44

Adobe

Adobe is the global leader in digital media and digital marketing solutions. Our creative, marketing and document solutions empower everyone – from emerging artists to global brands – to bring digital creations to life and deliver immersive, compelling experiences to the right person at the right mo

Snowflake

Snowflake delivers the AI Data Cloud — a global network where thousands of organizations mobilize data with near-unlimited scale, concurrency, and performance. Inside the AI Data Cloud, organizations unite their siloed data, easily discover and securely share governed data, and execute diverse analy

PhonePe

PhonePe Group is India’s leading fintech company, proudly recognized as India’s #1 Trusted Digital Payments* Brand for three consecutive years. Our flagship product, the PhonePe app was launched in August 2016, has rapidly become the preferred consumer payments app in India. In just eight years, Pho


Sawtooth CyberSecurity News

July 21, 2025 07:00 AM
Lighthouse Studio RCE Vulnerability Let Attackers Gain Access to Hosting Servers

CVE-2025-34300 in Lighthouse Studio allows RCE via survey links, risking thousands of servers due to unsanitized Perl CGI templates.

June 16, 2025 07:00 AM
Texas RE Adds AI as Risk to ERCOT Region’s Reliability

The Texas Reliability Entity has added key risks related to artificial intelligence and large loads as part of its annual reliability and regional risk...

February 26, 2024 08:00 AM
Report: Notorious ransomware group launched cyberattack on UnitedHealth Group

A group called “Blackcat” targeted a network for filling prescriptions that's operated by the company's Change Healthcare subsidiary,...

May 20, 2019 07:00 AM
New INL computing facilities an investment in Idaho’s future

Down a brightly lit hallway in an Idaho Falls office building, Eric Whiting opens the door to a room humming with dozens of large,...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Sawtooth CyberSecurity History Information

Official Website of Sawtooth

The official website of Sawtooth is https://sawtoothsoftware.com.

Sawtooth’s AI-Generated Cybersecurity Score

According to Rankiteo, Sawtooth’s AI-generated cybersecurity score is 750, reflecting their Fair security posture.

How many security badges does Sawtooth have?

According to Rankiteo, Sawtooth currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Sawtooth been affected by any supply chain cyber incidents?

According to Rankiteo, Sawtooth has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Sawtooth have SOC 2 Type 1 certification?

According to Rankiteo, Sawtooth is not certified under SOC 2 Type 1.

Does Sawtooth have SOC 2 Type 2 certification?

According to Rankiteo, Sawtooth does not hold a SOC 2 Type 2 certification.

Does Sawtooth comply with GDPR?

According to Rankiteo, Sawtooth is not listed as GDPR compliant.

Does Sawtooth have PCI DSS certification?

According to Rankiteo, Sawtooth does not currently maintain PCI DSS compliance.

Does Sawtooth comply with HIPAA?

According to Rankiteo, Sawtooth is not compliant with HIPAA regulations.

Does Sawtooth have ISO 27001 certification?

According to Rankiteo, Sawtooth is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Sawtooth

Sawtooth operates primarily in the Software Development industry.

Number of Employees at Sawtooth

Sawtooth employs approximately 52 people worldwide.

Subsidiaries Owned by Sawtooth

Sawtooth presently has no subsidiaries across any sectors.

Sawtooth’s LinkedIn Followers

Sawtooth’s official LinkedIn profile has approximately 2,238 followers.

NAICS Classification of Sawtooth

Sawtooth is classified under the NAICS code 5112, which corresponds to Software Publishers.

Sawtooth’s Presence on Crunchbase

No, Sawtooth does not have a profile on Crunchbase.

Sawtooth’s Presence on LinkedIn

Yes, Sawtooth maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/sawtooth-software.

Cybersecurity Incidents Involving Sawtooth

As of January 21, 2026, Rankiteo reports that Sawtooth has experienced 1 cybersecurity incidents.

Number of Peer and Competitor Companies

Sawtooth has an estimated 28,123 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Sawtooth?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.

How does Sawtooth detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures, namely an update to version 9.16.14.

Incident Details

Can you provide details on each incident?

Incident : Remote Code Execution

Title: Critical Remote Code Execution Vulnerability in Lighthouse Studio

Description: A critical remote code execution vulnerability (CVE-2025-34300) has been discovered in Lighthouse Studio, a survey software platform developed by Sawtooth Software. The flaw affects Perl CGI scripts that power web-based surveys, potentially exposing thousands of hosting servers to complete compromise by attackers who possess a survey link.

Date Publicly Disclosed: 2025-07-09

Type: Remote Code Execution

Attack Vector: Web-based survey links

Vulnerability Exploited: CVE-2025-34300

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Vulnerability.

How does the company identify the attack vectors used in incidents?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through survey links.

Impact of the Incidents

What was the impact of each incident?

Incident : Remote Code Execution SAW719072225

Systems Affected: Thousands of hosting servers

Which entities were affected by each incident?

Incident : Remote Code Execution SAW719072225

Entity Name: Sawtooth Software

Entity Type: Software Developer

Industry: Survey Software

Response to the Incidents

What measures were taken in response to each incident?

Incident : Remote Code Execution SAW719072225

Remediation Measures: Update to version 9.16.14

Data Breach Information

What measures does the company take to prevent data exfiltration?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Update to version 9.16.14.

Lessons Learned and Recommendations

What recommendations were made to prevent future incidents?

Incident : Remote Code Execution SAW719072225

Recommendations: Organizations should immediately update to the patched version 9.16.14 to prevent potential compromise of their hosting infrastructure.

References

Where can I find more information about each incident?

Incident : Remote Code Execution SAW719072225

Source: Assetnote

Where can stakeholders find additional resources on cybersecurity best practices?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the source listed above (Assetnote).

Initial Access Broker

How did the initial access broker gain entry for each incident?

Incident : Remote Code Execution SAW719072225

Entry Point: Survey links

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident?

Incident : Remote Code Execution SAW719072225

Root Causes: Inadequate input sanitization in the templating engine

Corrective Actions: Update to version 9.16.14

What corrective actions has the company taken based on post-incident analysis?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Update to version 9.16.14.

Additional Questions

Incident Details

What was the most recent incident publicly disclosed?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-07-09.

Impact of the Incidents

Lessons Learned and Recommendations

What was the most significant recommendation implemented to improve cybersecurity?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was: "Organizations should immediately update to the patched version 9.16.14 to prevent potential compromise of their hosting infrastructure."

References

What is the most recent source of information about an incident?

Most Recent Source: The most recent source of information about an incident is Assetnote.

Initial Access Broker

What was the most recent entry point used by an initial access broker?

Most Recent Entry Point: The most recent entry point used by an initial access broker was survey links.


Latest Global CVEs (Not Company-Specific)

Description

Summary: A command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler.

Root cause: The commitHash variable, derived from user input via the --commit-hash CLI argument, is interpolated directly into a shell command using template literals (e.g., execSync(`git show -s --format=%B ${commitHash}`)). Shell metacharacters are interpreted by the shell, enabling command execution.

Impact: This vulnerability is generally hard to exploit, as it requires --commit-hash to be attacker controlled. The vulnerability primarily affects CI/CD environments where `wrangler pages deploy` is used in automated pipelines and the --commit-hash parameter is populated from external, potentially untrusted sources. An attacker could exploit this to:
  • Run any shell command.
  • Exfiltrate environment variables.
  • Compromise the CI runner to install backdoors or modify build artifacts.

Credits: Disclosed responsibly by kny4hacker.

Mitigation:
  • Wrangler v4 users are requested to upgrade to Wrangler v4.59.1 or higher.
  • Wrangler v3 users are requested to upgrade to Wrangler v3.114.17 or higher.
  • Users on Wrangler v2 (EOL) should upgrade to a supported major version.

Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).

Risk Information
cvss3
Base: 8.1
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=sawtooth-software' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

  • Incident
  • Finding
  • Grade
  • Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.