Missing Authentication in Session Handler of SimStudioAI Application by SimStudio
CVE-2025-7114

6.9MEDIUM

Key Information:

Vendor: Simstudioai
Status: Sim
Vendor: CVE Published:; 7 July 2025

🔔 Create Simstudioai Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7114?

A vulnerability exists in the SimStudioAI application that affects the Session Handler's POST function located in the app/api/files/upload/route.ts file. This flaw allows an attacker to manipulate request arguments, resulting in missing authentication checks. The remote exploit can enable unauthorized access to the application's functionalities, posing a significant security risk. It is crucial for users of affected versions to assess their security posture and implement necessary mitigations to protect against potential attacks.

Affected Version(s)

sim 37786d371e17d35e0764e1b5cd519d873d90d97b

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7114 - Proof of Concept