6.9
/ 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Description
A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is e359dc2946b12ed5e45a0ec9c95ecf91bd18502a. Applying a patch is the recommended action to fix this issue.
Basic Information
ID
CVE-2025-15099
Source
VulDB
Published
Dec 26, 2025 at 04:02
Affected Product
Vendor
simstudioai
Product
sim
Version
0.5.0
Affected Versions
simstudioai sim 0.5.0
simstudioai sim 0.5.1
simstudioai sim 0.5.2
simstudioai sim 0.5.3
simstudioai sim 0.5.4
simstudioai sim 0.5.5
simstudioai sim 0.5.6
simstudioai sim 0.5.7
simstudioai sim 0.5.8
simstudioai sim 0.5.9
simstudioai sim 0.5.10
simstudioai sim 0.5.11
simstudioai sim 0.5.12
simstudioai sim 0.5.13
simstudioai sim 0.5.14
simstudioai sim 0.5.15
simstudioai sim 0.5.16
simstudioai sim 0.5.17
simstudioai sim 0.5.18
simstudioai sim 0.5.19
simstudioai sim 0.5.20
simstudioai sim 0.5.21
simstudioai sim 0.5.22
simstudioai sim 0.5.23
simstudioai sim 0.5.24
simstudioai sim 0.5.25
simstudioai sim 0.5.26
simstudioai sim 0.5.27
simstudioai sim 0.5.1
simstudioai sim 0.5.2
simstudioai sim 0.5.3
simstudioai sim 0.5.4
simstudioai sim 0.5.5
simstudioai sim 0.5.6
simstudioai sim 0.5.7
simstudioai sim 0.5.8
simstudioai sim 0.5.9
simstudioai sim 0.5.10
simstudioai sim 0.5.11
simstudioai sim 0.5.12
simstudioai sim 0.5.13
simstudioai sim 0.5.14
simstudioai sim 0.5.15
simstudioai sim 0.5.16
simstudioai sim 0.5.17
simstudioai sim 0.5.18
simstudioai sim 0.5.19
simstudioai sim 0.5.20
simstudioai sim 0.5.21
simstudioai sim 0.5.22
simstudioai sim 0.5.23
simstudioai sim 0.5.24
simstudioai sim 0.5.25
simstudioai sim 0.5.26
simstudioai sim 0.5.27