CVE-2025-9805
BaseFortify
Publication date: 2025-09-02
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sim | sim | up to 0.3.40 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9805 is a Server-Side Request Forgery (SSRF) vulnerability in the SimStudioAI sim application. It occurs because certain GET functions in the proxy API routes fail to properly validate and filter incoming request parameters. This flaw allows attackers to craft malicious requests that cause the server to make unauthorized requests to internal or external resources, potentially accessing internal network services or local files. The vulnerability can be exploited remotely without authentication. [1, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to make the server perform unauthorized requests to internal or external systems. This can lead to unauthorized access to internal intranet systems, reading sensitive local files on the server, and unauthorized reading of cloud metadata services, which may expose credentials and enable full cloud infrastructure takeover. The flaw affects the confidentiality, integrity, and availability of the affected system and can be exploited remotely with relative ease. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious requests to the proxy endpoints that include potentially malicious URLs. For example, you can look for HTTP requests to endpoints like `/api/proxy` or `/api/proxy/image` with URL parameters that point to internal IP addresses, file protocols, or unexpected destinations. Commands such as the following curl examples can be used to test if the system is vulnerable:

- `curl "http://localhost:3000/api/proxy?url=http://172.17.0.1:9999&method=POST&body=1&header.12=test12&header.Content-Type=12222222222222"`
- `curl "http://localhost:3000/api/proxy/image?url=https://example.com"`
- `curl "http://localhost:3000/api/proxy?url=file:///proc/self/environ&method=POST"`

Additionally, inspecting logs for blocked or suspicious requests, especially those involving non-http/https URLs or internal network addresses, can help detect exploitation attempts. [3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the patch identified by commit `3424a338b763115f0269b209e777608e4cd31785` which implements strict URL validation in the proxy API routes. This patch ensures that only URLs starting with safe protocols like http or https are allowed, blocking requests with invalid or potentially dangerous URLs such as file protocol URLs. Additionally, the patch adds logging for blocked requests and errors to aid in monitoring. Until the patch can be applied, it is recommended to restrict access to the vulnerable proxy endpoints and monitor for suspicious activity. [2, 3, 4]