Code Injection Vulnerability in SimStudioAI sim by SimStudioAI
CVE-2025-10097

5.3MEDIUM

Key Information:

Vendor

Simstudioai

Status
Sim
Vendor
CVE Published:
8 September 2025

What is CVE-2025-10097?

A security flaw has been detected in SimStudioAI sim, specifically in the file path apps/sim/app/api/function/execute/route.ts, allowing for malicious code injection through manipulated input arguments. This vulnerability can be exploited remotely, potentially compromising the integrity and security of the application. Users are advised to update to the latest version to mitigate any risks associated with this vulnerability.

Affected Version(s)

sim 1.0

References

https://vuldb.com/?id.323058
vdb-entrytechnical-description
https://vuldb.com/?ctiid.323058
signaturepermissions-required
https://vuldb.com/?submit.644954
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ZAST.AI (VulDB User)
.
CVE-2025-10097 : Code Injection Vulnerability in SimStudioAI sim by SimStudioAI