We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-7114

SimStudioAI sim Session route.ts POST missing authentication



Description

EN DE

A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument Request leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

In SimStudioAI sim bis 37786d371e17d35e0764e1b5cd519d873d90d97b wurde eine kritische Schwachstelle ausgemacht. Es geht um die Funktion POST der Datei apps/sim/app/api/files/upload/route.ts der Komponente Session Handler. Durch das Manipulieren des Arguments Request mit unbekannten Daten kann eine missing authentication-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-07-06 | Published 2025-07-07 | Updated 2025-07-07 | Assigner VulDB


MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
HIGH: 7.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
7.5AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Missing Authentication

Improper Authentication

Product status

37786d371e17d35e0764e1b5cd519d873d90d97b
affected

Timeline

2025-07-06:Advisory disclosed
2025-07-06:VulDB entry created
2025-07-06:VulDB entry last update

References

vuldb.com/?id.315025 (VDB-315025 | SimStudioAI sim Session route.ts POST missing authentication) vdb-entry technical-description

vuldb.com/?ctiid.315025 (VDB-315025 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.604898 (Submit #604898 | Sim Studio AI Sim Studio git checkout 190f3f998a6d27ddfd21a0bf7d095fa81d5e9d28 Unauthorized file upload) third-party-advisory

github.com/vri-report/reports/issues/3 exploit issue-tracking

cve.org (CVE-2025-7114)

nvd.nist.gov (CVE-2025-7114)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-7114

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.