CVE-2025-15099 | simstudioai sim up to 0.5.27 CRON Secret internal.ts INTERNAL_API_SECRET improper authentication

A vulnerability was found in simstudioai sim up to 0.5.27. It has been rated as critical. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication.

This vulnerability is traded as CVE-2025-15099. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Applying a patch is the recommended action to fix this issue.

CVE-2025-15099 | simstudioai sim up to 0.5.27 CRON Secret internal.ts INTERNAL_API_SECRET improper authentication

Post correlati

CVE-2024-1684 | Otter Blocks Pro Plugin up to 2.6.3 on WordPress File Field CSS cross site scripting

CVE-2024-1710 | Addon Library Plugin up to 1.3.76 on WordPress unrestricted upload

CVE-2024-0935 | Dassault Systèmes DELMIA Apriso up to 2024 log file

CVE-2025-27464 | Xen XenBus permission