Moderate severity · NVD Advisory · Published Sep 8, 2025 · Updated Sep 9, 2025
SimStudioAI sim route.ts code injection
CVE-2025-10097
Description
A vulnerability was identified in SimStudioAI sim up to 1.0.0. It affects an unknown function in the file apps/sim/app/api/function/execute/route.ts. Manipulating the argument code leads to code injection. The attack can be carried out remotely.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| simstudio (npm) | <= 0.1.19 | — |
Affected products: 1
Patches: 0
No patches discovered yet.
References
- github.com/advisories/GHSA-g4c9-f287-64xg (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-10097 (ghsa, ADVISORY)
- vuldb.com (ghsa, third-party-advisory, WEB)
- github.com/simstudioai/sim/issues/961 (ghsa, issue-tracking, WEB)
- github.com/simstudioai/sim/pull/1149/commits/3f790867427275ebae3b3dc75cf1d93d912ac9ca (ghsa, WEB)
- vuldb.com (ghsa, signature, permissions-required, WEB)
- vuldb.com (ghsa, vdb-entry, technical-description, WEB)