CVE-2025-9805 in sim
Summary
by MITRE • 09/02/2025
A vulnerability was found in SimStudioAI sim up to commit 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. An unspecified code path in the file apps/sim/app/api/proxy/image/route.ts is affected; manipulation of its input results in server-side request forgery. The attack may be performed from remote. An exploit has been made public and could be used. This product uses a rolling release model for continuous delivery, so version numbers for affected or fixed releases are not disclosed. The fix is identified by commit 3424a338b763115f0269b209e777608e4cd31785; applying that patch is advised.
Analysis
by VulDB Data Team • 11/15/2025
This vulnerability is a server-side request forgery (SSRF) flaw in SimStudioAI sim affecting the image proxy endpoint in the application's API layer. The affected file, apps/sim/app/api/proxy/image/route.ts, fetches images on behalf of the client and returns them through the application. According to the analysis, the flaw stems from insufficient validation of the caller-supplied parameters that are used to build the outgoing HTTP request, so an attacker can steer the proxy into requesting internal or external resources that should not be reachable through the normal application interface.
The underlying coding error is that user-controlled input reaches the HTTP client without being checked against an allowlist of schemes and destinations. The attack is remotely exploitable: no local access is needed, and the summary does not state that authentication is required. Through the proxy an attacker can reach internal network resources, read responses that the proxy relays back, and perform reconnaissance of hosts that are only visible from the application server. The flaw maps to CWE-918 (Server-Side Request Forgery). In ATT&CK terms the initial access is T1190 (Exploit Public-Facing Application), and the resulting traffic falls under T1071 (Application Layer Protocol); the "Proxying" label sometimes attached to T1190 is incorrect, as proxying is T1090.
The operational impact can be severe: SSRF from an application host can reach backend services that trust requests originating inside the network, including cloud instance metadata endpoints and internal administrative interfaces, which can lead to credential theft, data exposure, and lateral movement. The rolling release model complicates remediation because there is no version number to compare against; operators must instead determine whether the fixing commit is present in the code they run. Public availability of the exploit lowers the barrier to exploitation and raises the overall risk.
Organizations should apply the fix identified by commit 3424a338b763115f0269b209e777608e4cd31785 as soon as possible. Because no release version is given, the practical check is whether that commit is an ancestor of the deployed tree, for example with git merge-base --is-ancestor 3424a338b763115f0269b209e777608e4cd31785 HEAD in the checkout the deployment was built from. Beyond the patch, the proxy should only accept http and https targets, reject URLs carrying credentials or non-standard ports, refuse loopback, link-local and private address ranges (after DNS resolution, not just by string matching), and avoid blindly following redirects, since each hop can point at a new internal target. Network segmentation should keep the application host away from services it has no reason to reach, and egress filtering should deny it access to instance metadata and internal management interfaces. Proxy endpoint requests should be logged with the requested target so that anomalous destinations can be detected. The remediation should include a review of other proxy-style routes in the application for the same class of flaw. A web application firewall with rules for known SSRF target patterns can add defence in depth but does not replace validation in the route itself.
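The following is an added example written for this page, not code from the SimStudioAI sim repository or from the fixing commit. It shows, in the project's language, two things the analysis and the remediation advice above call for: a target validator for an image proxy that enforces an allowlist of schemes, hosts and ports and refuses internal address ranges, and a detector that applies the same validator to proxy access-log lines to flag exploitation attempts. All names (`checkProxyTarget`, `isPrivateAddress`, `scanProxyLog`), the log line format and the log lines themselves are hypothetical and constructed for the example; the validator relies on the WHATWG URL parser canonicalising hostnames, which is why hex or decimal IPv4 spellings such as `0x7f000001` arrive as dotted quads.

```typescript
// Added example, not SimStudioAI code. Hypothetical helpers for hardening an
// image proxy against SSRF and for flagging suspicious proxy requests in logs.
// The pattern the analysis describes, fetch(untrustedUrl) with no checks, is what
// checkProxyTarget is meant to sit in front of.

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const ALLOWED_PORTS = new Set(["", "80", "443"]); // "" = the scheme's default port

// IPv4 ranges an outbound image fetch should never reach: (base, prefix bits).
const PRIVATE_V4: Array<[string, number]> = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

function v4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, o) => ((acc << 8) + Number(o)) >>> 0, 0);
}

function inV4Range(ip: string, base: string, bits: number): boolean {
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return ((v4ToInt(ip) & mask) >>> 0) === ((v4ToInt(base) & mask) >>> 0);
}

// Expects the hostname as the WHATWG URL parser returns it: IPv4 literals are
// already canonical dotted quads, IPv6 literals are bracketed and compressed.
export function isPrivateAddress(hostname: string): boolean {
  const h = hostname.replace(/^\[|\]$/g, "").toLowerCase();
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(h)) {
    return PRIVATE_V4.some(([base, bits]) => inV4Range(h, base, bits));
  }
  if (h.includes(":")) {
    // IPv4-mapped IPv6: the parser serialises ::ffff:169.254.169.254 as ::ffff:a9fe:a9fe
    const mapped = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(h);
    if (mapped) {
      const hi = parseInt(mapped[1], 16), lo = parseInt(mapped[2], 16);
      return isPrivateAddress(`${hi >> 8}.${hi & 0xff}.${lo >> 8}.${lo & 0xff}`);
    }
    // loopback, unspecified, unique-local fc00::/7, link-local fe80::/10
    return h === "::1" || h === "::" || /^f[cd]/.test(h) || /^fe[89ab]/.test(h);
  }
  return false;
}

export interface Verdict { ok: boolean; reason?: string; target?: string }

// String-level gate to run before fetching. It does not resolve DNS, so a
// public-looking name that resolves to an internal address (or rebinds) still
// has to be caught by re-checking the resolved address at connect time.
export function checkProxyTarget(raw: string, allowedHosts: string[] = []): Verdict {
  let u: URL;
  try { u = new URL(raw); } catch { return { ok: false, reason: "unparseable URL" }; }
  if (!ALLOWED_SCHEMES.has(u.protocol)) return { ok: false, reason: `scheme ${u.protocol}` };
  if (u.username || u.password) return { ok: false, reason: "credentials in URL" };
  if (isPrivateAddress(u.hostname)) return { ok: false, reason: `internal host ${u.hostname}` };
  if (!ALLOWED_PORTS.has(u.port)) return { ok: false, reason: `port ${u.port}` };
  if (allowedHosts.length > 0 &&
      !allowedHosts.some(a => u.hostname === a || u.hostname.endsWith("." + a))) {
    return { ok: false, reason: `host ${u.hostname} not in allowlist` };
  }
  return { ok: true, target: u.toString() };
}

// Constructed access-log lines (hypothetical format: time method path status ip=client).
export const SAMPLE_LOG: string[] = [
  "2025-09-02T10:01:11Z GET /api/proxy/image?url=https%3A%2F%2Fcdn.example.com%2Fa.png 200 ip=203.0.113.10",
  "2025-09-02T10:01:12Z GET /api/proxy/image?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F 200 ip=198.51.100.7",
  "2025-09-02T10:01:13Z GET /api/proxy/image?url=http%3A%2F%2Flocalhost%3A3000%2Fadmin 200 ip=198.51.100.7",
  "2025-09-02T10:01:14Z GET /api/proxy/image?url=file%3A%2F%2F%2Fetc%2Fpasswd 500 ip=198.51.100.7",
  "2025-09-02T10:01:15Z GET /api/health 200 ip=203.0.113.10",
  "2025-09-02T10:01:16Z GET /api/proxy/image?url=http%3A%2F%2F0x7f000001%2F 200 ip=198.51.100.7",
  "2025-09-02T10:01:17Z GET /api/proxy/image?url=http%3A%2F%2F%5B%3A%3Affff%3A169.254.169.254%5D%2F 200 ip=198.51.100.7",
];

export interface Finding { line: number; client: string; target: string; reason: string }

const LOG_RE = /^(\S+) (\S+) (\S+) (\d{3}) ip=(\S+)$/;

// Runs the same validator over logged proxy requests; anything it would have
// refused is a probe worth alerting on, whatever status the server returned.
export function scanProxyLog(lines: string[], allowedHosts: string[] = []): Finding[] {
  const findings: Finding[] = [];
  lines.forEach((line, i) => {
    const m = LOG_RE.exec(line);
    if (!m) return;
    const [, , , pathWithQuery, , client] = m;
    const req = new URL(pathWithQuery, "http://placeholder.invalid");
    if (req.pathname !== "/api/proxy/image") return;
    const target = req.searchParams.get("url");
    if (target === null) return;
    const v = checkProxyTarget(target, allowedHosts);
    if (!v.ok) findings.push({ line: i + 1, client, target, reason: v.reason ?? "rejected" });
  });
  return findings;
}
```

Running `scanProxyLog(SAMPLE_LOG)` flags five of the seven constructed lines (the metadata endpoint, localhost, the file scheme, the hex-encoded loopback address and the IPv4-mapped IPv6 literal) and skips the legitimate CDN fetch and the non-proxy request. The validator is deliberately a pre-fetch gate only: to close the DNS rebinding gap, resolve the host, apply `isPrivateAddress` to every returned address, and pin the connection to that address, and either disable redirects or run the same check on each redirect target.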