CVE-2025-55988

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-55988

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55988.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-55988

Aliases

GHSA-gv7f-w92j-383q

Published

2026-03-20T21:17:12.300Z

Modified

2026-04-10T05:30:04.164179Z

Summary

[none]

Details

An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path.

References

Affected packages

Git / github.com/dreamfactorysoftware/df-core

Affected ranges

Type: GIT
Repo: https://github.com/dreamfactorysoftware/df-core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

54354605b2ec9afe6ee96756a5a22f6f56828950

Affected versions

0.*

0.0.10

0.0.11

0.0.12

0.0.13

0.0.14

0.0.15

0.0.16

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

0.0.9

0.1.0

0.1.1

0.1.10

0.1.11

0.1.12

0.1.13

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.1.8

0.1.9

0.10.0

0.11.0

0.11.1

0.12.0

0.12.1

0.12.2

0.12.3

0.13.0

0.13.1

0.14.0

0.14.1

0.14.2

0.14.3

0.15.1

0.15.2

0.15.3

0.16.0

0.16.1

0.16.2

0.16.3

0.17.0

0.18.0

0.19.0

0.19.1

0.19.2

0.2.0

0.2.1

0.2.10

0.2.2

0.2.3

0.2.4

0.2.5

0.2.6

0.2.7

0.2.8

0.2.9

0.20.0

0.21.0

0.21.1

0.22.0

0.22.1

0.22.2

0.22.3

0.23.0

0.24.0

0.25.0

0.25.1

0.25.2

0.25.3

0.3.0

0.3.1

0.3.2

0.3.3

0.4.0

0.4.1

0.4.2

0.4.3

0.5.0

0.5.1

0.5.2

0.5.3

0.6.0

0.6.1

0.6.2

0.7.0

0.7.1

0.7.2

0.8.0

0.8.1

0.8.2

0.8.3

0.8.4

0.9.0

0.9.1

1.*

1.0.0

1.0.1

1.0.2

1.0.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55988.json"