CVE-2025-9800 | SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af HTML File Parser route.ts import unrestricted upload (Issue 958)

A vulnerability, which was classified as critical, was found in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipulation of the argument File can lead to unrestricted upload.

The identification of this vulnerability is CVE-2025-9800. The attack may be launched remotely. Furthermore, there is an exploit available.

This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. A patch should be applied to remediate this issue.

CVE-2025-9800 | SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af HTML File Parser route.ts import unrestricted upload (Issue 958)

Post correlati

CVE-2024-53153 | Linux Kernel up to 6.11.10/6.12.1 qcom-ep qcom_pcie_perst_deassert assertion

CVE-2024-1115 | openBI up to 1.0.8 Setting.php dlfile phpPath os command injection

CVE-2021-34976 | Foxit PDF Reader 11.0.1.49938 PDF File use after free (ZDI-21-1207)

CVE-2025-7654 | FunnelKit Plugin on WordPress Woofunnel Library wf_get_cookie privilege escalation