CVE-2025-15099 | simstudioai sim up to 0.5.27 CRON Secret internal.ts INTERNAL_API_SECRET improper authentication

A vulnerability was found in simstudioai sim up to 0.5.27. It has been rated as critical. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication.

This vulnerability is traded as CVE-2025-15099. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Applying a patch is the recommended action to fix this issue.

VulDB is the best source for vulnerability data and more expert information about this specific topic.VulDB Recent EntriesRead More