CVE-2025-7107
BaseFortify
Publication date: 2025-07-07
Last updated on: 2025-10-01
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sim | sim | up to and including 0.1.17 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7107 is a critical path traversal vulnerability in SimStudioAI Sim (up to version 0.1.17) that occurs in the function handleLocalFile within the file apps/sim/app/api/files/parse/route.ts. The vulnerability arises because the application does not properly validate the filePath parameter, allowing attackers to manipulate this input to traverse directories outside the intended upload directory. This enables unauthenticated remote attackers to read arbitrary files on the server, including sensitive system and application files, by sending specially crafted requests to the /api/files/parse endpoint. [1, 3, 4]
How can this vulnerability impact me?
This vulnerability can lead to significant data exposure and loss of confidentiality. Attackers can remotely and without authentication read arbitrary files on the server's filesystem, including sensitive files such as /etc/passwd, application source code, configuration files, environment variables, SSH keys, and logs. This unauthorized access can compromise the security of the system, potentially leading to further attacks or data breaches. [1, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and testing the `/api/files/parse` endpoint for path traversal attempts. A common detection method is to send crafted requests with filePath parameters containing traversal sequences such as `../../../../etc/passwd` and observe if the server returns unauthorized file contents. For example, you can use a curl command to test the endpoint:

```bash
curl -X POST http://<target-host>:3000/api/files/parse -H 'Content-Type: application/json' -d '{"filePath": "/api/files/serve/../../../../etc/passwd"}'
```

If the server responds with the contents of `/etc/passwd` or other sensitive files, the system is vulnerable. Additionally, monitoring logs for unusual requests containing `..` or encoded traversal sequences in the filePath parameter can help detect exploitation attempts. [4]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the official patch identified by commit `b2450530d1ddd0397a11001a72aa0fde401db16a` which fixes the path traversal vulnerability by validating and sanitizing the filePath parameter to reject traversal sequences and paths outside the allowed upload directory. Until the patch is applied, you should restrict access to the vulnerable endpoint, implement strict input validation to block suspicious file paths containing `..`, `~`, or absolute paths, and monitor for exploitation attempts. Applying the patch ensures that the API rejects malicious paths with appropriate error messages and prevents unauthorized file system access. [2, 5]
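One way to implement the interim input validation described above, as an added example and not the project's patch or code from the referenced commit. `UPLOAD_DIR`, `SERVE_PREFIX`, `resolveUploadPath` and `isSafeUploadPath` are hypothetical names, and rejecting only segments that start with `~` is an assumption about how strictly to read the advice.

```typescript
import * as path from "node:path";

// Assumed values for illustration; the real directory and prefix come from the app's config.
const UPLOAD_DIR = "/srv/sim/uploads";
const SERVE_PREFIX = "/api/files/serve/";

class UnsafePathError extends Error {}

// Map a client-supplied filePath to an absolute path inside uploadDir, or throw.
function resolveUploadPath(filePath: string, uploadDir: string = UPLOAD_DIR): string {
  let decoded: string;
  try {
    decoded = decodeURIComponent(filePath); // expose %2e%2e%2f-style encodings
  } catch {
    throw new UnsafePathError("malformed percent-encoding");
  }
  if (decoded.includes("\0")) throw new UnsafePathError("NUL byte in path");

  // Treat backslashes as separators so "..\" cannot slip past the segment check.
  let rel = decoded.replace(/\\/g, "/");
  if (rel.startsWith(SERVE_PREFIX)) rel = rel.slice(SERVE_PREFIX.length);

  if (rel === "" || rel.startsWith("/") || /^[A-Za-z]:/.test(rel)) {
    throw new UnsafePathError("empty or absolute path");
  }
  if (rel.split("/").some((s) => s === ".." || s.startsWith("~"))) {
    throw new UnsafePathError("traversal or home-directory segment");
  }

  // Defence in depth: resolve, then confirm the result is still under the base.
  const base = path.resolve(uploadDir);
  const target = path.resolve(base, rel);
  const fromBase = path.relative(base, target);
  if (fromBase === "" || fromBase.startsWith("..") || path.isAbsolute(fromBase)) {
    throw new UnsafePathError("path escapes upload directory");
  }
  return target;
}

// Boolean wrapper, convenient for request filters and log triage.
function isSafeUploadPath(filePath: string): boolean {
  try {
    resolveUploadPath(filePath);
    return true;
  } catch {
    return false;
  }
}
```

`path.resolve` does not follow symlinks, so if the upload directory can contain symlinks, compare `fs.realpath` results for the base and target instead.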