VYPR
High severity7.3NVD Advisory· Published Dec 26, 2025· Updated Apr 29, 2026

CVE-2025-15099

CVE-2025-15099

Description

A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is e359dc2946b12ed5e45a0ec9c95ecf91bd18502a. Applying a patch is the recommended action to fix this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:sim:sim:*:*:*:*:*:*:*:*
    Range: <=0.5.27
  • Sawstudio/Simllm-fuzzy
    Range: <=0.5.27

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.