{"id":7708,"date":"2025-07-07T01:35:56","date_gmt":"2025-07-07T01:35:56","guid":{"rendered":"http:\/\/localhost\/?p=7708"},"modified":"2025-07-07T01:35:56","modified_gmt":"2025-07-07T01:35:56","slug":"simstudioai-sim-session-routets-post-missing-authentication","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=7708","title":{"rendered":"SimStudioAI sim Session route.ts POST missing authentication"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nSimStudioAI sim Session route.ts POST missing authentication<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-07T05:32:05.686Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-07T05:32:05.686Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nSimStudioAI<\/td>\n<\/tr>\n
Product<\/th>\nsim<\/td>\n<\/tr>\n
Version<\/th>\n37786d371e17d35e0764e1b5cd519d873d90d97b<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n6.9 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA critical vulnerability in SimStudioAI sim’s Session Handler allows unauthenticated remote attackers to exploit missing authentication in the POST function of route.ts. This could lead to unauthorized access. The vendor has not responded to the disclosure.<\/td>\n<\/tr>\n
AI Severity<\/th>\nCritical<\/td>\n<\/tr>\n
AI Vendor<\/th>\nSimStudioAI<\/td>\n<\/tr>\n
AI Product<\/th>\nSimStudioAI sim<\/td>\n<\/tr>\n
AI Version<\/th>\n37786d371e17d35e0764e1b5cd519d873d90d97b<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n