CVE-2025-7107.yaml
info:
  name: simstudioai
  cve: CVE-2025-7107
  summary: SimStudioAI sim path traversal vulnerability in the handleLocalFile function.
  details: |
    A path traversal vulnerability exists in the `handleLocalFile` function of SimStudioAI sim up to and including
    version 0.1.17. By supplying `..` segments in the `filePath` argument, an unauthenticated remote attacker can
    escape the directory the handler is meant to serve and read files elsewhere on the host. The CVSS vector below
    scores this as low confidentiality impact with no integrity or availability impact (base score 5.3, MEDIUM).
    A public exploit has been disclosed. The fix is commit `b2450530d1ddd0397a11001a72aa0fde401db16a`
    (pull request 437).
  cvss: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  severity: MEDIUM
  security_advise: |
    1. Apply the fix commit `b2450530d1ddd0397a11001a72aa0fde401db16a` (pull request 437).
    2. Upgrade SimStudioAI sim to a release later than 0.1.17 that contains the fix, once one is available.
    3. Until then, resolve every requested file path to an absolute path and reject any result that is not strictly
       inside the directory the handler is allowed to serve; do not rely on filtering the string `..` out of the input.
rule: version <= "0.1.17"
references:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-7107
  - https://github.com/vri-report/reports/issues/2
  - https://github.com/vri-report/reports/issues/2#issue-3161840085
  - https://github.com/simstudioai/sim/pull/437
  - https://github.com/simstudioai/sim/commit/b2450530d1ddd0397a11001a72aa0fde401db16a
  - https://vuldb.com/?ctiid.315018
  - https://vuldb.com/?id.315018
  - https://vuldb.com/?submit.601043
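The vulnerable pattern the entry describes, beside a hardened resolver, as an added example in TypeScript (the language of the sim code base). This is illustration code written for this page, not code from the SimStudioAI project, the fix commit, or the reporter. The base directory `/srv/app/uploads`, the function names `resolveVulnerable`, `resolveSafe` and `compare`, and the sample inputs are all constructed for the example; the real `handleLocalFile` is not reproduced here.

```typescript
import * as path from "path";

// Hypothetical directory a local-file handler is allowed to serve from.
// Constructed for this example; not a path taken from the SimStudioAI project.
export const UPLOADS_DIR = "/srv/app/uploads";

// path.posix is used throughout so the results are the same on every platform.
const p = path.posix;

// Vulnerable pattern behind a typical path traversal bug: the caller-controlled
// filePath is joined onto the base directory and the result is trusted.
// path.join normalises ".." segments, so "../../../etc/passwd" walks out of UPLOADS_DIR.
export function resolveVulnerable(filePath: string): string {
  return p.join(UPLOADS_DIR, filePath);
}

// Hardened pattern: decode once, resolve to an absolute path, then require the result
// to be a strict descendant of UPLOADS_DIR. Anything else is rejected with null.
export function resolveSafe(filePath: string): string | null {
  // Assumption: the handler receives the raw URL segment and nothing upstream has
  // decoded it. Decoding exactly once keeps "%2e%2e" from slipping past the check
  // while avoiding the opposite bug of double-decoding.
  let decoded: string;
  try {
    decoded = decodeURIComponent(filePath);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.indexOf("\0") !== -1) return null; // NUL bytes can truncate paths in lower layers

  // An absolute input replaces the base here, but the containment check below catches it.
  const resolved = p.resolve(UPLOADS_DIR, decoded);
  const rel = p.relative(UPLOADS_DIR, resolved);
  // rel is "" for the base directory itself and ".." or "../x" when resolved lies
  // outside it. A file literally named "..foo" yields rel "..foo" and is allowed,
  // which is why the test is not a naive startsWith("..").
  if (rel === "" || rel === ".." || rel.indexOf("../") === 0) return null;
  return resolved;
}

// Constructed sample inputs: one legitimate request, one traversal that stays
// inside the base directory, and several attempts to escape it.
export const SAMPLE_INPUTS: string[] = [
  "report.pdf",
  "ok/../report.pdf",
  "../../../etc/passwd",
  "sub/../../../etc/passwd",
  "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
  "/etc/passwd",
];

export interface Comparison {
  input: string;
  vulnerable: string;
  safe: string | null;
}

// Runs both resolvers over the inputs so the difference is visible side by side.
export function compare(inputs: string[] = SAMPLE_INPUTS): Comparison[] {
  return inputs.map((input) => ({
    input,
    vulnerable: resolveVulnerable(input),
    safe: resolveSafe(input),
  }));
}

for (const row of compare()) {
  console.log(`${row.input}  vulnerable -> ${row.vulnerable}  safe -> ${row.safe ?? "REJECTED"}`);
}
```

Note that the percent-encoded input only escapes once something decodes it; web frameworks normally decode the URL path before the handler sees it, which is why the hardened version runs its containment check on the decoded value rather than on the raw string.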