CVE-2025-9805

Exploit

EPSS 0.26%
Veröffentlicht 02.09.2025 00:02:07
Zuletzt bearbeitet 29.04.2026 01:00:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

SimStudioAI sim route.ts server-side request forgery

A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The patch is identified as 3424a338b763115f0269b209e777608e4cd31785. Applying a patch is advised to resolve this issue.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 1 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sim ≫ Sim Version < 0.3.40

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.172

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com	2.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://vuldb.com/?id.322129

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.322129

VDB Entry

Permissions Required

https://vuldb.com/?submit.640821

Third Party Advisory

VDB Entry

https://github.com/simstudioai/sim/issues/1128

Vendor Advisory

Exploit

Issue Tracking

https://github.com/simstudioai/sim/issues/1128#issuecomment-3226867869

Patch

Issue Tracking

https://github.com/simstudioai/sim/issues/1128#issue-3349260976

Vendor Advisory

Exploit

Issue Tracking

https://github.com/simstudioai/sim/commit/3424a338b763115f0269b209e777608e4cd31785

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-9805

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-9805

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-9805

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-9805