
Sawtooth Company Cyber Security Posture
sawtoothsoftware.com
Sawtooth Software is a leading provider of analytical tools that empower organizations to build predictive models of how their customers make decisions and what aspects of a product or service they value most. Users of our software include Fortune 1000 companies in consumer and B2B markets, government agencies, market research firms, and universities. These organizations use our software for product and pricing research, social policy inquiries, epidemiological studies, academic investigations, and opinion polling. In addition to our products and solutions platform, we offer consulting and educational services. Sawtooth Software hosts a well-respected research conference and software training workshops. The papers presented at our conference are often cited in academic journals, books, and trade publications. Sawtooth Software is a privately owned company located in Provo, Utah.
Sawtooth Company Details
sawtooth-software
52 employees
2238.0
511
Software Development
sawtoothsoftware.com
Scan still pending
SAW_1854280
In-progress

Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.


Sawtooth Company Scoring based on AI Models
Model Name | Date | Description | Current Score Difference | Score |
---|---|---|---|---|
AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
Sawtooth Company Cyber Security News & History
Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
---|---|---|---|---|---|---|---|
Sawtooth Software | Vulnerability | 100 | 7/2025 | SAW719072225 | Link | ||
Rankiteo Explanation: Attack threatening the organization's existence. Description: A critical remote code execution vulnerability (CVE-2025-34300) has been discovered in Lighthouse Studio, a survey software platform developed by Sawtooth Software. This vulnerability affects the Perl CGI scripts that power web-based surveys, potentially exposing thousands of hosting servers to complete compromise. The flaw resides in the server-side components, where a templating engine processes user input without proper sanitization. Security researchers found that the software's templating system evaluates content between [% %] markers as executable Perl code, creating a direct pathway for remote code execution. This issue amplifies the potential attack surface and complicates remediation efforts due to the proliferation of vulnerable script instances across web infrastructures. |
Sawtooth Company Subsidiaries

Sawtooth Cyber Security News
State of Idaho, Idaho National Laboratory celebrate opening of new buildings
“These facilities not only will enhance INL's supercomputing and cybersecurity capabilities, but also serve Idaho's university students and ...
Sawtooth C-UAS mesh network demonstrated at U.S. Army's DiDEX 3
BOISE, Idaho. Black Sage's Sawtooth Mesh Network counter-unmanned aerial system (C-UAS) capability was demonstrated in an urban environment at the U.S. ...
FIGURE 2. Multimedia forensics investigation using Blockchain...
Due to globalization and worldwide connectivity, multimedia data exchange has increased significantly over the Internet in the last decade.

Sawtooth Similar Companies

Bosch Global Software Technologies
With our unique ability to offer end-to-end solutions that connect the three pillars of IoT - Sensors, Software, and Services, we enable businesses to move from the traditional to the digital, or improve businesses by introducing a digital element in their products and processes. Now more than ever

Tencent
Tencent is a world-leading internet and technology company that develops innovative products and services to improve the quality of life of people around the world. Founded in 1998 with its headquarters in Shenzhen, China, Tencent's guiding principle is to use technology for good. Our communication

Workday
Workday is a leading provider of enterprise cloud applications for finance and human resources, helping customers adapt and thrive in a changing world. Workday applications for financial management, human resources, planning, spend management, and analytics are built with artificial intelligence and

Nielsen
Nielsen shapes the world's media and content as a global leader in audience insights, data and analytics. Through our understanding of people and their behaviors across all channels and platforms, we empower our clients with independent and actionable intelligence so they can connect and engage with

bigbasket
Starting our journey in 2011, today, bigbasket - a Tata Enterprise is India's largest online supermarket with over 13 million customers and a presence in 60+ cities & towns. With our presence spanning the entire spectrum of consumer needs, we operate through a range of business lines - bigbasket, bb

IGT
IGT (NYSE:IGT) is the global leader in gaming. We deliver entertaining and responsible gaming experiences for players across all channels and regulated segments, from Lotteries and Gaming Machines to Sports Betting and Digital. Leveraging a wealth of compelling content, substantial investment in inn

Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Sawtooth CyberSecurity History Information
How many cyber incidents has Sawtooth faced?
Total Incidents: According to Rankiteo, Sawtooth has faced 1 incident in the past.
What types of cybersecurity incidents have occurred at Sawtooth?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.
How does Sawtooth detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures: Update to version 9.16.14.
Incident Details
Can you provide details on each incident?

Incident : Remote Code Execution
Title: Critical Remote Code Execution Vulnerability in Lighthouse Studio
Description: A critical remote code execution vulnerability (CVE-2025-34300) has been discovered in Lighthouse Studio, a survey software platform developed by Sawtooth Software. The flaw affects Perl CGI scripts that power web-based surveys, potentially exposing thousands of hosting servers to complete compromise by attackers who possess a survey link.
Date Publicly Disclosed: 2025-07-09
Type: Remote Code Execution
Attack Vector: Web-based survey links
Vulnerability Exploited: CVE-2025-34300
What are the most common types of attacks the company has faced?
Common Attack Types: The most common type of attack the company has faced is Vulnerability.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Survey links.
Impact of the Incidents
What was the impact of each incident?

Incident : Remote Code Execution SAW719072225
Systems Affected: Thousands of hosting servers
Which entities were affected by each incident?

Incident : Remote Code Execution SAW719072225
Entity Type: Software Developer
Industry: Survey Software
Response to the Incidents
What measures were taken in response to each incident?

Incident : Remote Code Execution SAW719072225
Remediation Measures: Update to version 9.16.14
Data Breach Information
What measures does the company take to prevent data exfiltration?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Update to version 9.16.14.
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents?

Incident : Remote Code Execution SAW719072225
Recommendations: Organizations should immediately update to the patched version 9.16.14 to prevent potential compromise of their hosting infrastructure.
What recommendations has the company implemented to improve cybersecurity?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Organizations should immediately update to the patched version 9.16.14 to prevent potential compromise of their hosting infrastructure.
References
Where can I find more information about each incident?

Incident : Remote Code Execution SAW719072225
Source: Assetnote
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Assetnote.
Initial Access Broker
How did the initial access broker gain entry for each incident?

Incident : Remote Code Execution SAW719072225
Entry Point: Survey links
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?

Incident : Remote Code Execution SAW719072225
Root Causes: Inadequate input sanitization in the templating engine
Corrective Actions: Update to version 9.16.14
What corrective actions has the company taken based on post-incident analysis?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Update to version 9.16.14.
Additional Questions
Incident Details
What was the most recent incident publicly disclosed?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-07-09.
Impact of the Incidents
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident was Thousands of hosting servers.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was: Organizations should immediately update to the patched version 9.16.14 to prevent potential compromise of their hosting infrastructure.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident is Assetnote.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker was Survey links.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
