SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af filePath path traversal

A vulnerability classified as critical was found in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown function. The manipulation of the argument filePath leads to path traversal. Using CWE to describe the problem leads to CWE-22. The weakness was published 09/01/2025 as 959. The advisory is shared for download at github.com. This vulnerability is tracked as CVE-2025-9801. The attack may be launched remotely. Technical details are available. Furthermore, an exploit is available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be approx. USD $0-$5k. It is declared as proof-of-concept. The exploit can be downloaded at github.com. As a 0-day, the estimated price was around $0-$5k. This product uses a rolling release approach for continuous delivery. Therefore, no version details for affected or updated releases are available. The identifier of the patch is 45372aece5e05e04b417442417416a52e90ba174. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue.

4 changes · 102 data points

| Field | Created 09/01/2025 14:43 | Update 1/3 09/02/2025 02:04 | Update 2/3 09/02/2025 06:44 | Update 3/3 11/15/2025 07:46 |
| --- | --- | --- | --- | --- |
| software_vendor | SimStudioAI | SimStudioAI | SimStudioAI | SimStudioAI |
| software_name | sim | sim | sim | sim |
| software_version | <=ed9b9ad83f1a7c61f4392787fb51837d34eeb0af | <=ed9b9ad83f1a7c61f4392787fb51837d34eeb0af | <=ed9b9ad83f1a7c61f4392787fb51837d34eeb0af | <=ed9b9ad83f1a7c61f4392787fb51837d34eeb0af |
| software_rollingrelease | 1 | 1 | 1 | 1 |
| software_argument | filePath | filePath | filePath | filePath |
| vulnerability_cwe | CWE-22 (path traversal) | CWE-22 (path traversal) | CWE-22 (path traversal) | CWE-22 (path traversal) |
| vulnerability_risk | 2 | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N | N |
| cvss3_vuldb_ac | L | L | L | L |
| cvss3_vuldb_ui | N | N | N | N |
| cvss3_vuldb_s | U | U | U | U |
| cvss3_vuldb_c | N | N | N | N |
| cvss3_vuldb_i | L | L | L | L |
| cvss3_vuldb_a | L | L | L | L |
| cvss3_vuldb_e | P | P | P | P |
| cvss3_vuldb_rl | O | O | O | O |
| cvss3_vuldb_rc | C | C | C | C |
| advisory_identifier | 959 | 959 | 959 | 959 |
| advisory_url | https://github.com/simstudioai/sim/issues/959 | https://github.com/simstudioai/sim/issues/959 | https://github.com/simstudioai/sim/issues/959 | https://github.com/simstudioai/sim/issues/959 |
| advisory_confirm_url | https://github.com/simstudioai/sim/issues/959#issuecomment-3221311557 | https://github.com/simstudioai/sim/issues/959#issuecomment-3221311557 | https://github.com/simstudioai/sim/issues/959#issuecomment-3221311557 | https://github.com/simstudioai/sim/issues/959#issuecomment-3221311557 |
| exploit_availability | 1 | 1 | 1 | 1 |
| exploit_publicity | 1 | 1 | 1 | 1 |
| exploit_url | https://github.com/simstudioai/sim/issues/959#issue-3320697951 | https://github.com/simstudioai/sim/issues/959#issue-3320697951 | https://github.com/simstudioai/sim/issues/959#issue-3320697951 | https://github.com/simstudioai/sim/issues/959#issue-3320697951 |
| countermeasure_name | Patch | Patch | Patch | Patch |
| patch_name | 45372aece5e05e04b417442417416a52e90ba174 | 45372aece5e05e04b417442417416a52e90ba174 | 45372aece5e05e04b417442417416a52e90ba174 | 45372aece5e05e04b417442417416a52e90ba174 |
| countermeasure_patch_url | https://github.com/simstudioai/sim/commit/45372aece5e05e04b417442417416a52e90ba174 | https://github.com/simstudioai/sim/commit/45372aece5e05e04b417442417416a52e90ba174 | https://github.com/simstudioai/sim/commit/45372aece5e05e04b417442417416a52e90ba174 | https://github.com/simstudioai/sim/commit/45372aece5e05e04b417442417416a52e90ba174 |
| source_cve | CVE-2025-9801 | CVE-2025-9801 | CVE-2025-9801 | CVE-2025-9801 |
| cna_responsible | VulDB | VulDB | VulDB | VulDB |
| cvss2_vuldb_av | N | N | N | N |
| cvss2_vuldb_ac | L | L | L | L |
| cvss2_vuldb_ci | N | N | N | N |
| cvss2_vuldb_ii | P | P | P | P |
| cvss2_vuldb_ai | P | P | P | P |
| cvss2_vuldb_e | POC | POC | POC | POC |
| cvss2_vuldb_rc | C | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF | OF |
| cvss4_vuldb_av | N | N | N | N |
| cvss4_vuldb_ac | L | L | L | L |
| cvss4_vuldb_ui | N | N | N | N |
| cvss4_vuldb_vc | N | N | N | N |
| cvss4_vuldb_vi | L | L | L | L |
| cvss4_vuldb_va | L | L | L | L |
| cvss4_vuldb_e | P | P | P | P |
| cvss2_vuldb_au | S | S | S | S |
| cvss3_vuldb_pr | L | L | L | L |
| cvss4_vuldb_at | N | N | N | N |
| cvss4_vuldb_pr | L | L | L | L |
| cvss4_vuldb_sc | N | N | N | N |
| cvss4_vuldb_si | N | N | N | N |
| cvss4_vuldb_sa | N | N | N | N |
| cvss2_vuldb_basescore | 5.5 | 5.5 | 5.5 | 5.5 |
| cvss2_vuldb_tempscore | 4.3 | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_basescore | 5.4 | 5.4 | 5.4 | 5.4 |
| cvss3_vuldb_tempscore | 4.9 | 4.9 | 4.9 | 4.9 |
| cvss3_meta_basescore | 5.4 | 5.4 | 5.4 | 6.3 |
| cvss3_meta_tempscore | 4.9 | 5.1 | 5.1 | 6.1 |
| cvss4_vuldb_bscore | 5.3 | 5.3 | 5.3 | 5.3 |
| cvss4_vuldb_btscore | 2.1 | 2.1 | 2.1 | 2.1 |
| advisory_date | 1756677600 (09/01/2025) | 1756677600 (09/01/2025) | 1756677600 (09/01/2025) | 1756677600 (09/01/2025) |
| price_0day | $0-$5k | $0-$5k | $0-$5k | $0-$5k |
| cve_nvd_summary | | A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The identifier of the patch is 45372aece5e05e04b417442417416a52e90ba174. To fix this issue, it is recommended to deploy a patch. | A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The identifier of the patch is 45372aece5e05e04b417442417416a52e90ba174. To fix this issue, it is recommended to deploy a patch. | A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The identifier of the patch is 45372aece5e05e04b417442417416a52e90ba174. To fix this issue, it is recommended to deploy a patch. |
| cvss4_cna_av | | N | N | N |
| cvss4_cna_ac | | L | L | L |
| cvss4_cna_at | | N | N | N |
| cvss4_cna_pr | | L | L | L |
| cvss4_cna_ui | | N | N | N |
| cvss4_cna_vc | | N | N | N |
| cvss4_cna_vi | | L | L | L |
| cvss4_cna_va | | L | L | L |
| cvss4_cna_sc | | N | N | N |
| cvss4_cna_si | | N | N | N |
| cvss4_cna_sa | | N | N | N |
| cvss4_cna_bscore | | 5.3 | 5.3 | 5.3 |
| cvss3_cna_av | | N | N | N |
| cvss3_cna_ac | | L | L | L |
| cvss3_cna_pr | | L | L | L |
| cvss3_cna_ui | | N | N | N |
| cvss3_cna_s | | U | U | U |
| cvss3_cna_c | | N | N | N |
| cvss3_cna_i | | L | L | L |
| cvss3_cna_a | | L | L | L |
| cvss3_cna_basescore | | 5.4 | 5.4 | 5.4 |
| cvss2_cna_av | | N | N | N |
| cvss2_cna_ac | | L | L | L |
| cvss2_cna_au | | S | S | S |
| cvss2_cna_ci | | N | N | N |
| cvss2_cna_ii | | P | P | P |
| cvss2_cna_ai | | P | P | P |
| cvss2_cna_basescore | | 5.5 | 5.5 | 5.5 |
| euvd_id | | | EUVD-2025-26364 | EUVD-2025-26364 |
| cvss3_nvd_av | | | | N |
| cvss3_nvd_ac | | | | L |
| cvss3_nvd_pr | | | | L |
| cvss3_nvd_ui | | | | N |
| cvss3_nvd_s | | | | U |
| cvss3_nvd_c | | | | N |
| cvss3_nvd_i | | | | H |
| cvss3_nvd_a | | | | H |
| cvss3_nvd_basescore | | | | 8.1 |
