CNNVD-202509-025 Information

CNNVD ID

CNNVD-202509-025

Related CVE

CVE-2025-9800

• CNNVD Published: 2025-09-01

Description (Chinese)

Sim Studio是Sim Studio开源的一个AI代理工作流构建器。 Sim Studio存在安全漏洞，该漏洞源于对文件apps/sim/app/api/files/upload/route.ts中参数File的错误操作导致任意文件上传。

Description (English)

Sim Studio is an AI proxy workflow builder at Sim Studio Open Source. Sim Studio had a security loophole, which stemmed from an error in handling File, the parameter in document Apps/sim/app/api/files/upload/route.ts, resulting in the uploading of any document.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

SIMPLE

Published

2025-09-01

Last Modified

2026-02-24

References

https://vuldb.com/?submit.641129 https://vuldb.com/?id.322115 https://vuldb.com/?ctiid.322115 https://github.com/simstudioai/sim/issues/958#issuecomment-3221311734 https://github.com/simstudioai/sim/issues/958#issue-3320696271 https://github.com/simstudioai/sim/commit/45372aece5e05e04b417442417416a52e90ba174 https://access.redhat.com/security/cve/cve-2025-9800 https://nvd.nist.gov/vuln/detail/CVE-2025-9800