CVE-2025-9801
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-01

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The identifier of the patch is 45372aece5e05e04b417442417416a52e90ba174. To fix this issue, it is recommended to deploy a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-01
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9801
EUVD
EUVD-2025-26364
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sim sim to 0.3.40 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in SimStudioAI sim involves a path traversal issue caused by manipulation of the argument filePath. This allows an attacker to access files and directories outside the intended scope by crafting a malicious filePath. The vulnerability can be exploited remotely and has been publicly disclosed.

Impact Analysis

The vulnerability can allow an attacker to access unauthorized files on the system remotely, potentially leading to information disclosure or further exploitation. This can compromise the integrity and availability of the affected system.

Mitigation Strategies

To mitigate this vulnerability, it is recommended to deploy the patch identified by commit 45372aece5e05e04b417442417416a52e90ba174. Since the product follows a rolling release approach, ensure your SimStudioAI sim installation is updated to the latest version that includes this patch.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9801. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart