High severity7.2NVD Advisory· Published Mar 20, 2026· Updated Apr 14, 2026
CVE-2025-55988
CVE-2025-55988
Description
An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dreamfactory/df-corePackagist | < 1.0.4 | 1.0.4 |
Affected products
2- cpe:2.3:a:dreamfactory:dreamfactory_core:1.0.3:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
4- github.com/dreamfactorysoftware/df-core/commit/54354605b2ec9afe6ee96756a5a22f6f56828950nvdPatchWEB
- github.com/advisories/GHSA-gv7f-w92j-383qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-55988ghsaADVISORY
- pentest-tools.com/PTT-2025-001-RemoteCodeExecution-via-URL-Path-Traversal.pdfnvdThird Party AdvisoryWEB
News mentions
0No linked articles in our index yet.