Published: 08 Sep 2025
Source: github
Github: Reviewed
CVSS4: 5.3
CVSS3: 6.3
Description
SimStudioAI: A function in route.ts is vulnerable to Code Injection
A vulnerability was identified in SimStudioAI sim. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack can be carried out remotely.
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-10097
- https://github.com/simstudioai/sim/issues/961
- https://github.com/simstudioai/sim/issues/961#issuecomment-3215578979
- https://github.com/simstudioai/sim/pull/1149/commits/3f790867427275ebae3b3dc75cf1d93d912ac9ca
- https://vuldb.com/?ctiid.323058
- https://vuldb.com/?id.323058
- https://vuldb.com/?submit.644954
Packages
Name: simstudio (npm)
Affected versions: <= 0.1.19
Fixed version: None
EPSS: 0.00027 (Low), percentile: 7%
CVSS4: 5.3 Medium
CVSS3: 6.3 Medium
CVE ID
Weaknesses
- CWE-74
- CWE-94
Related vulnerabilities
CVSS3: 6.3
nvd
5 months ago
A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack can be carried out remotely.