CVE-2025-7107

Source
https://cve.org/CVERecord?id=CVE-2025-7107
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7107.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-7107
Published
2025-07-07T03:15:30.363Z
Modified
2026-04-10T05:35:35.644567Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

A vulnerability classified as critical has been found in SimStudioAI sim up to 0.1.17. Affected is the function handleLocalFile of the file apps/sim/app/api/files/parse/route.ts. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as b2450530d1ddd0397a11001a72aa0fde401db16a. It is recommended to apply a patch to fix this issue.

References

Affected packages

Git / github.com/simstudioai/sim

Affected ranges

Type
GIT
Repo
https://github.com/simstudioai/sim
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7107.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.1.17"
            }
        ]
    }
]