CVE-2025-10096

Name of the Vulnerable Software and Affected Versions: SimStudioAI sim versions up to 1.0.0

Description: A vulnerability exists in SimStudioAI sim that allows for server-side request forgery. The issue is related to the manipulation of the filePath argument within a file located at apps/sim/app/api/files/parse/route.ts. The attack can be executed remotely. The exploit has been publicly disclosed.

Recommendations: Apply patch 3424a338b763115f0269b209e777608e4cd31785 to resolve this issue.