Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-7107

A vulnerability classified as critical has been found in SimStudioAI sim up to 0.1.17. Affected is the function handleLocalFile of the file apps/sim/app/api/files/parse/route.ts. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as b2450530d1ddd0397a11001a72aa0fde401db16a. It is recommended to apply a patch to fix this issue.

Published

2025-07-07T03:15:30.363

Last Modified

2025-10-01T18:49:12.523

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sim	sim	≤ 0.1.17	Yes

References

https://github.com/simstudioai/sim/commit/b2450530d1ddd0397a11001a72aa0fde401db16a Patch ([email protected])
https://github.com/simstudioai/sim/pull/437 Exploit, Patch ([email protected])
https://github.com/vri-report/reports/issues/2 Exploit, Issue Tracking, Third Party Advisory ([email protected])
https://github.com/vri-report/reports/issues/2#issue-3161840085 Exploit, Issue Tracking, Release Notes, Third Party Advisory ([email protected])
https://vuldb.com/?ctiid.315018 Permissions Required, VDB Entry ([email protected])
https://vuldb.com/?id.315018 Third Party Advisory, VDB Entry ([email protected])
https://vuldb.com/?submit.601043 Third Party Advisory, VDB Entry ([email protected])
https://github.com/vri-report/reports/issues/2 Exploit, Issue Tracking, Third Party Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)