{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-55988", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-23T14:19:41.703Z", "dateReserved": "2025-08-16T00:00:00.000Z", "datePublished": "2026-03-20T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-20T20:35:04.095Z"}, "descriptions": [{"lang": "en", "value": "An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/dreamfactorysoftware/df-core/commit/54354605b2ec9afe6ee96756a5a22f6f56828950#diff-e57a7c0af25166ac8f02695307c6c413ca4ba0a48a20b2202ad910654528aab1"}, {"url": "https://pentest-tools.com/PTT-2025-001-RemoteCodeExecution-via-URL-Path-Traversal.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T14:19:11.807357Z", "id": "CVE-2025-55988", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:19:41.703Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-55988", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T14:19:11.807357Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:19:25.648Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/dreamfactorysoftware/df-core/commit/54354605b2ec9afe6ee96756a5a22f6f56828950#diff-e57a7c0af25166ac8f02695307c6c413ca4ba0a48a20b2202ad910654528aab1"}, {"url": "https://pentest-tools.com/PTT-2025-001-RemoteCodeExecution-via-URL-Path-Traversal.pdf"}], "descriptions": [{"lang": "en", "value": "An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-20T20:35:04.095Z"}}}, "cveMetadata": {"cveId": "CVE-2025-55988", "state": "PUBLISHED", "dateUpdated": "2026-03-23T14:19:41.703Z", "dateReserved": "2025-08-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-20T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dreamfactory:dreamfactory_core:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8B1416EF-51B5-4942-98DB-BB82D606BE88", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path."}, {"lang": "es", "value": "Un problema en el componente /Controllers/RestController.php de DreamFactory Core v1.0.3 permite a los atacantes ejecutar un salto de directorio a trav\u00e9s de una ruta URI no saneada."}], "id": "CVE-2025-55988", "lastModified": "2026-04-14T19:27:15.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-20T21:17:12.300", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/dreamfactorysoftware/df-core/commit/54354605b2ec9afe6ee96756a5a22f6f56828950#diff-e57a7c0af25166ac8f02695307c6c413ca4ba0a48a20b2202ad910654528aab1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://pentest-tools.com/PTT-2025-001-RemoteCodeExecution-via-URL-Path-Traversal.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.0.3"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "dreamfactory_core", "vendor": "dreamfactory"}], "analysis": {"en": {"generated_at": "2026-04-14T21:11:21.964020+00:00", "value": {"mitigation_remediation": ["Verify the currently running DreamFactory Core version. If v1.0.3 or earlier is in use, update the application to the patched release that includes commit 54354605b2ec9afe6ee96756a5a22f6f56828950. This can be done by pulling the latest master branch and performing the database migration if required.", "If a direct upgrade is not immediately possible, deploy a temporary file\u2011system path whitelist on the web server or reverse proxy to block requests containing \"../\" or other traversal patterns before they reach the DreamFactory application."], "summary": {"action": "Immediate Patch", "impact": "Directory Traversal, Confidentiality Breach"}, "threat_synthesis": {"affected_systems": "The flaw is present only in DreamFactory Core version 1.0.3. Users running this exact version, or any earlier releases that have not been patched by the community commit referenced in the advisory, are affected. The product is the open\u2011source backend framework DreamFactory Core provided by DreamFactory software.", "description_and_impact": "The affected component in DreamFactory Core is a PHP REST controller that fails to sanitize the URI path. An attacker can supply a crafted request that contains path traversal sequences, such as \"../\". This manipulation allows the application to read any file on the server that the web server process can access, potentially exposing sensitive configuration, credentials, or source code. The weakness is classified as CWE-22, a directory traversal flaw that directly compromises confidentiality, and may lead to further integrity or availability problems if attackers gain read access to critical files.", "risk_and_exploitability": "The CVSS base score is 7.2, indicating a high severity for a medium complexity attack. The EPSS score of less than 1% suggests that exploitation attempts are unlikely at present, and the vulnerability is not recorded in the CISA KEV list. Nevertheless, the ease of crafting the malicious URI and the fact that the flaw resides in a publicly exposed REST endpoint means that the attack vector is remote over HTTP or HTTPS. An attacker only needs network access to the application and the ability to send a JSON\u2011encoded request, making the exploitation relatively straightforward if the system exposes the vulnerable endpoint to the internet."}}}}, "created": "2026-03-23T09:54:14.492499+00:00", "updated": "2026-04-15T16:45:09.822363+00:00", "vendors": ["dreamfactory", "dreamfactory$PRODUCT$dreamfactory_core"]}