CVE-2025-7114 | SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b Session route.ts POST Request missing authentication

A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument Request leads to missing authentication.

This vulnerability is known as CVE-2025-7114. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7114 | SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b Session route.ts POST Request missing authentication

Post correlati

CVE-2025-5146 | Netcore NBR200V2 up to 20250508 HTTP Header /usr/bin/routerd passwd_set pwd command injection

CVE-2024-56319 | Matter up to 1.4.0.0 User Label allocation of resources (Issue 36760)

CVE-2025-1843 | Mini-Tmall up to 20250211 ProductMapper.java select orderBy sql injection

CVE-2024-39480 | Linux Kernel up to 6.9.4 kdb memmove/memcpy buffer overflow