CNNVD-202507-622 Information

Jul 07, 2025 cve

CNNVD ID

CNNVD-202507-622

CVE-2025-7107

  • CNNVD Published: 2025-07-07

Description (Chinese)

Sim Studio是Sim Studio开源的一个AI代理工作流构建器。 Sim Studio 0.1.17及之前版本存在安全漏洞,该漏洞源于文件apps/sim/app/api/files/parse/route.ts中参数filePath处理不当,可能导致路径遍历。

Description (English)

Sim Studio is an AI proxy workflow builder at Sim Studio Open Source. There is a security loophole in Sim Studio 0.1.17 and earlier versions, which stems from the inappropriate handling of the parameter filePath in document apps/sim/app/api/files/parse/route.ts, which may lead to a routing path.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Simgesel

Published

2025-07-07

Last Modified

2026-02-24

References

https://github.com/simstudioai/sim/commit/b2450530d1ddd0397a11001a72aa0fde401db16a https://github.com/simstudioai/sim/pull/437 https://github.com/vri-report/reports/issues/2 https://github.com/vri-report/reports/issues/2#issue-3161840085 https://vuldb.com/?ctiid.315018 https://vuldb.com/?id.315018 https://vuldb.com/?submit.601043

Share on: