CVE-2025-10096 | SimStudioAI sim up to 1.0.0 route.ts filePath server-side request forgery (Issue 960)

Inserito da Angelo Barbosa | Set 8, 2025 | CVE

A vulnerability was found in SimStudioAI sim up to 1.0.0. It has been declared as critical. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery.

This vulnerability is handled as CVE-2025-10096. The attack can be executed remotely. Additionally, an exploit exists.

Applying a patch is advised to resolve this issue.

CVE-2025-10096 | SimStudioAI sim up to 1.0.0 route.ts filePath server-side request forgery (Issue 960)

Post correlati

CVE-2024-6412 | HTML Forms Plugin up to 1.3.33 on WordPress cross-site request forgery

CVE-2024-45304 | OpenZeppelin cairo-contracts up to 0.15.x control flow (GHSA-w2px-25pm-2cf9)

CVE-2023-46681 | Buffalo VR-S1000 up to 2.37 Command Line Interface argument injection

CVE-2024-36531 | NukeViet upload.php unrestricted upload