{“lastseen”:””,”description”:”A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps\/sim\/lib\/auth\/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is e359dc2946b12ed5e45a0ec9c95ecf91bd18502a. Applying a patch is the recommended action to fix this issue.”,”published”:”2025-12-26T04:02:07.111Z”,”modified”:”2025-12-26T04:02:07.111Z”,”type”:”cve”,”title”:”simstudioai sim CRON Secret internal.ts improper authentication”,”source”:”VulDB”,”references”:”https:\/\/vuldb.com\/?id.338430\\nhttps:\/\/vuldb.com\/?ctiid.338430\\nhttps:\/\/vuldb.com\/?submit.710255\\nhttps:\/\/gist.github.com\/H2u8s\/c533741e1b36f6245d41cace89a7f4d2\\nhttps:\/\/github.com\/simstudioai\/sim\/pull\/2343\\nhttps:\/\/gist.github.com\/H2u8s\/c533741e1b36f6245d41cace89a7f4d2#-steps-to-reproduce\\nhttps:\/\/github.com\/simstudioai\/sim\/commit\/e359dc2946b12ed5e45a0ec9c95ecf91bd18502a”,”id”:”CVE-2025-15099″,”bulletinFamily”:””,”cwe”:[“CWE-287″],”cvelist”:null,”sourceData”:”simstudioai sim 0.5.0\\nsimstudioai sim 0.5.1\\nsimstudioai sim 0.5.2\\nsimstudioai sim 0.5.3\\nsimstudioai sim 0.5.4\\nsimstudioai sim 0.5.5\\nsimstudioai sim 0.5.6\\nsimstudioai sim 0.5.7\\nsimstudioai sim 0.5.8\\nsimstudioai sim 0.5.9\\nsimstudioai sim 0.5.10\\nsimstudioai sim 0.5.11\\nsimstudioai sim 0.5.12\\nsimstudioai sim 0.5.13\\nsimstudioai sim 0.5.14\\nsimstudioai sim 0.5.15\\nsimstudioai sim 0.5.16\\nsimstudioai sim 0.5.17\\nsimstudioai sim 0.5.18\\nsimstudioai sim 0.5.19\\nsimstudioai sim 0.5.20\\nsimstudioai sim 0.5.21\\nsimstudioai sim 0.5.22\\nsimstudioai sim 0.5.23\\nsimstudioai sim 0.5.24\\nsimstudioai sim 0.5.25\\nsimstudioai sim 0.5.26\\nsimstudioai sim 0.5.27″,”sourceHref”:””,”cvss”:{“score”:6.9,”severity”:”MEDIUM”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”sim”,”version”:”0.5.0″,”vendor”:”simstudioai”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps\/sim\/lib\/auth\/internal.ts of the component CRON Secret Handler….<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,48,12,21,13,7,11,5],"class_list":["post-32884","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-69","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n