PT-2025-53443 · Unknown · Simstudioai Sim
28Hus · Published 2025-12-26 · Updated 2026-01-08 · CVE-2025-15099
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
simstudioai sim versions prior to 0.5.27
Description
An improper authentication flaw exists in simstudioai sim up to version 0.5.27. The issue resides within the CRON Secret Handler component, specifically in the file apps/sim/lib/auth/internal.ts. Manipulation of the INTERNAL API SECRET argument can lead to unauthorized access. The exploit is publicly available.
Recommendations
Apply the patch with identifier e359dc2946b12ed5e45a0ec9c95ecf91bd18502a.
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Simstudioai Sim