CVE-2025-7114 | SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b Session route.ts POST Request missing authentication

A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument Request leads to missing authentication.

This vulnerability is known as CVE-2025-7114. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7114 | SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b Session route.ts POST Request missing authentication

Post correlati

CVE-2024-13908 | bestwebsoft SMTP Plugin up to 1.1.9 on WordPress save_options unrestricted upload

CVE-2024-30306 | Adobe Acrobat Reader up to 20.005.30539/23.008.20470 File out-of-bounds (apsb24-07)

CVE-2024-6422 | Pepperl+Fuchs OIT1500-F113-B12-CB up to 2.11.0 Telnet missing authentication (VDE-2024-038)

CVE-2024-33247 | SourceCodester Employee Task Management System 1.0 admin-manage-user.php sql injection