Description
An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path.
Published: 2026-03-20
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Directory Traversal
Action: Immediate Patch
AI Analysis

Impact

The vulnerability resides in DreamFactory Core version 1.0.3, specifically the RestController component. An attacker can supply a malicious URI path that is not properly sanitized, resulting in a directory traversal exploit. This allows unauthorized read access to files outside the intended web root, potentially revealing configuration files or other sensitive data and enabling further compromise. The weakness is a classic path traversal issue.

Affected Systems

DreamFactory Core v1.0.3. The affected vendor is DreamFactory Software.

Risk and Exploitability

The CVSS score of 7.2 indicates a medium to high severity. The EPSS score is below 1%, suggesting low probability of active exploitation in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Attackers would need to send crafted HTTP requests to the vulnerable endpoint; no authentication is required as the path is not validated, making remote exploitation straightforward once the web interface is reachable.

Generated by OpenCVE AI on March 23, 2026 at 16:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade DreamFactory Core to a patched version that addresses the directory traversal flaw.
  • If an upgrade is not yet possible, configure the web server to reject requests containing directory traversal patterns or limit access to the web root only.
  • Ensure all incoming URI parameters are validated and sanitized by the application.
  • Monitor web server logs for suspicious path traversal attempts and investigate any incidents promptly.

Generated by OpenCVE AI on March 23, 2026 at 16:30 UTC.

Advisories

Source: Github GHSA
ID: GHSA-gv7f-w92j-383q
Title: DreamFactory has a directory traversal
History

Tue, 14 Apr 2026 19:30:00 +0000
  Type: CPEs
  Values added: cpe:2.3:a:dreamfactory:dreamfactory_core:1.0.3:*:*:*:*:*:*:*

Wed, 25 Mar 2026 14:15:00 +0000
  Type: Title
  Values added: Directory Traversal via Unsanitized URI Path in DreamFactory Core

Mon, 23 Mar 2026 15:15:00 +0000
  Type: Weaknesses
  Values added: CWE-22
  Type: Metrics
  Values added:
    cvssV3_1: {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000
  Type: First Time appeared
  Values added: Dreamfactory; Dreamfactory dreamfactory Core
  Type: Vendors & Products
  Values added: Dreamfactory; Dreamfactory dreamfactory Core

Fri, 20 Mar 2026 21:00:00 +0000
  Type: Description
  Values added: An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path.
  Type: References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-23T14:19:41.703Z

Reserved: 2025-08-16T00:00:00.000Z

Link: CVE-2025-55988

Vulnrichment

Updated: 2026-03-23T14:19:25.648Z

NVD

Status : Analyzed

Published: 2026-03-20T21:17:12.300

Modified: 2026-04-14T19:27:15.650

Link: CVE-2025-55988

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:10:13Z

Weaknesses