Submit #644954: simstudioai https://github.com/simstudioai/sim <=1.0.0 Remote Code Executioninfo

Titlesimstudioai https://github.com/simstudioai/sim <=1.0.0 Remote Code Execution
DescriptionThe RCE vulnerability was discovered on /api/function/execute in latest version of SIM. The functionality has user-controllable parameter without any blacklist/whitelist filtering or special character escaping security measures, allowing attackers to execute arbitrary javascript code.
Source⚠️ https://github.com/simstudioai/sim/issues/961
User
 ZAST.AI (UID 87884)
Submission08/31/2025 15:24 (9 months ago)
Moderation09/08/2025 11:55 (8 days later)
StatusAccepted
VulDB entry323058 [SimStudioAI sim up to 1.0.0 route.ts code code injection]
Points18

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!