CVE-2025-9800

Exploit

EPSS 0.29%
Veröffentlicht 01.09.2025 22:32:06
Zuletzt bearbeitet 29.04.2026 01:00:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

SimStudioAI sim HTML File route.ts import unrestricted upload

A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. This patch is called 45372aece5e05e04b417442417416a52e90ba174. A patch should be applied to remediate this issue.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sim ≫ Sim Version <= 0.3.40

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.2

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cna@vuldb.com	2.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://vuldb.com/?id.322115

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.322115

VDB Entry

Permissions Required

https://vuldb.com/?submit.641129

Third Party Advisory

VDB Entry

https://github.com/simstudioai/sim/issues/958

Vendor Advisory

Exploit

Issue Tracking

https://github.com/simstudioai/sim/issues/958#issuecomment-3221311734

Patch

Issue Tracking

https://github.com/simstudioai/sim/issues/958#issue-3320696271

Vendor Advisory

Exploit

Issue Tracking

https://github.com/simstudioai/sim/commit/45372aece5e05e04b417442417416a52e90ba174

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-9800

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-9800

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-9800

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-9800