CNNVD-202512-4821 Information
CNNVD ID
CNNVD-202512-4821
Related CVE
- CNNVD Published: 2025-12-26
Description (Chinese)
Sim Studio是Sim Studio开源的一个AI代理工作流构建器。 Sim Studio 0.5.27及之前版本存在安全漏洞,该漏洞源于对文件apps/sim/lib/auth/internal.ts中参数INTERNAL_API_SECRET的错误操作,可能导致身份验证不当。
Description (English)
Sim Studio is an AI proxy workflow builder at Sim Studio Open Source. Sim Studio 0.5.27 and previous versions contained a security loophole, which stemmed from an error in the use of the parameter INTERNAL API SECRET in document Apps/sim/lib/auth/international.ts, which could lead to improper identification.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Sim Studio
Published
2025-12-26
Last Modified
2026-02-24
References
https://gist.github.com/H2u8s/c533741e1b36f6245d41cace89a7f4d2 https://gist.github.com/H2u8s/c533741e1b36f6245d41cace89a7f4d2#-steps-to-reproduce https://github.com/simstudioai/sim/commit/e359dc2946b12ed5e45a0ec9c95ecf91bd18502a https://github.com/simstudioai/sim/pull/2343 https://vuldb.com/?ctiid.338430 https://vuldb.com/?id.338430 https://vuldb.com/?submit.710255 https://access.redhat.com/security/cve/cve-2025-15099
Patch
https://github.com/simstudioai/sim/releases
Share on: