CVE-2025-7114

07.07.2025, 06:15

A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument Request leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.3 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
VulDB	CNA	7.3 HIGH				CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 35%

Vendor	Product	Version
sim	sim	𝑥 ≤ 0.2.1

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/vri-report/reports/issues/3

Common Weakness Enumeration

References

https://github.com/vri-report/reports/issues/3

https://vuldb.com/?ctiid.315025

https://vuldb.com/?id.315025

https://vuldb.com/?submit.604898