Path Traversal Vulnerability in SimStudioAI Sim by SimStudioAI
CVE-2025-9801

5.3MEDIUM

Key Information:

Vendor

Simstudioai

Status
Sim
Vendor
CVE Published:
1 September 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-9801?

A security weakness in SimStudioAI Sim allows for path traversal due to improper handling of the 'filePath' argument. This vulnerability could enable remote attackers to gain unauthorized access to files outside the intended directory, resulting in potential data exposure. The exploit has been publicly disclosed and may be actively utilized by malicious actors. Users are strongly advised to deploy the necessary patch identified by commit 45372aece5e05e04b417442417416a52e90ba174 to mitigate this risk.

Affected Version(s)

sim ed9b9ad83f1a7c61f4392787fb51837d34eeb0af

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-9801 - Proof of Concept

References

https://vuldb.com/?id.322116
vdb-entrytechnical-description
https://vuldb.com/?ctiid.322116
signaturepermissions-required
https://vuldb.com/?submit.641130
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

ZAST.AI (VulDB User)
.