Path Traversal in Sim

CVE-2025-9801

A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attac…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.007 (46.9th percentile).

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L.

Frequently asked questions

What is CVE-2025-9801?
CVE-2025-9801 is a medium-severity vulnerability in Sim, classified under Path Traversal. CVSS score: 5.4/10. Published 2025-09-01.

How severe is CVE-2025-9801?
Medium severity. CVSS v3 base score is 5.4 out of 10.

Is CVE-2025-9801 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.