CVE-2025-9805

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SimStudioAI versions prior to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2

Description A server-side request forgery issue exists due to unknown processing within the file apps/sim/app/api/proxy/image/route.ts. The attack can be performed remotely. The exploit has been made public.

Recommendations Apply patch 3424a338b763115f0269b209e777608e4cd31785 to resolve this issue.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2025-9805

Affected Products

Simstudioai Sim

CVE-2025-9805

Weakness Enumeration

Related Identifiers

Affected Products

References · 13