PT-2025-28117 · Unknown · Simstudioai Sim
Vri-Report · Published 2025-07-07 · Updated 2025-07-07 · CVE-2025-7107
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
SimStudioAI sim versions up to 0.1.17
Description:
A critical issue has been found, affecting the handleLocalFile function of the file apps/sim/app/api/files/parse/route.ts. The manipulation of the filePath argument leads to path traversal. This issue can be exploited remotely.
Recommendations:
For SimStudioAI sim versions up to 0.1.17, apply the patch identified as b2450530d1ddd0397a11001a72aa0fde401db16a to fix this issue. As a temporary workaround, consider restricting access to the handleLocalFile function to minimize the risk of exploitation.
Exploit
Fix
Path traversal
Affected Products
Simstudioai Sim