CVE-2025-7107 | SimStudioAI sim up to 0.1.17 route.ts handleLocalFile filePath path traversal

A vulnerability classified as critical has been found in SimStudioAI sim up to 0.1.17. Affected is the function handleLocalFile of the file apps/sim/app/api/files/parse/route.ts. The manipulation of the argument filePath leads to path traversal.

This vulnerability is traded as CVE-2025-7107. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

It is recommended to apply a patch to fix this issue.VulDB Recent EntriesRead More