Medium severity6.3NVD Advisory· Published Sep 8, 2025· Updated Apr 29, 2026

CVE-2025-10096

Description

A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 3424a338b763115f0269b209e777608e4cd31785. Applying a patch is advised to resolve this issue.

Affected products

Sim/Sim
cpe:2.3:a:sim:sim:*:*:*:*:*:*:*:*
Range: <0.3.40

Patches

fd6d927228a7

https://github.com/simstudioai/simvia osv

3424a338b763

https://github.com/simstudioai/simvia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/simstudioai/sim/commit/3424a338b763115f0269b209e777608e4cd31785nvdPatch
github.com/simstudioai/sim/issues/960nvdExploitIssue TrackingVendor Advisory
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
github.com/simstudioai/sim/pull/1149nvdIssue Tracking
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000