CVE Reports

Posted on • Originally published at cvereports.com

CVE-2025-55988: Path Traversal and Remote Code Execution in DreamFactory Core

Vulnerability ID: CVE-2025-55988
CVSS Score: 9.8
Published: 2026-03-20

DreamFactory Core v1.0.3 contains a critical directory traversal vulnerability in the RestController component. The application fails to properly sanitize the resource URI parameter before passing it to downstream service logic. This allows an unauthenticated attacker to bypass the implemented filters using nested traversal sequences, leading to arbitrary file read and remote code execution.

TL;DR

Unauthenticated path traversal (CWE-22) in DreamFactory Core v1.0.3 allows remote attackers to read arbitrary files and execute code via crafted URI paths. The initial vendor patch can be bypassed with nested sequences such as '....//'.

⚠️ Exploit Status: Proof of concept available

Technical Details

  • CWE ID: CWE-22
  • Attack Vector: Network
  • CVSS Severity: Critical
  • Impact: Remote Code Execution
  • Exploit Status: Proof-of-Concept Available
  • CISA KEV: Not Listed

Affected Systems

  • DreamFactory Core v1.0.3
  • DreamFactory Core: <= 1.0.3

Code Analysis

Commit: 5435460

Initial flawed fix that attempted to strip directory traversal sequences with str_replace(); the nested '....//' form described above defeats it.
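To make the failure mode concrete, the following is an added example written for this article; it is not DreamFactory code and does not reproduce the commit above. It puts a single-pass str_replace() filter of the kind the report describes next to a realpath()-based check that refuses any resolved path outside an allowed base directory. The fixture directories, file names and the assumption of a writable temp dir are constructed for the demonstration.

```php
<?php
// Added example, not DreamFactory code. Contrasts a single-pass str_replace()
// filter (the style of fix the report describes) with a realpath()-based check
// that keeps every resolved path inside an allowed base directory.

declare(strict_types=1);

// Flawed filter: one pass of str_replace(). Removing the inner "../" from
// "....//" leaves "../" behind, so the traversal sequence is rebuilt, not removed.
function naiveSanitize(string $resource): string
{
    return str_replace('../', '', $resource);
}

// Hardened check: resolve the full candidate path and require it to lie under
// $baseDir. Returns the canonical path, or null when the request must be refused.
function resolveInside(string $baseDir, string $resource): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() returns false for paths that do not exist; a missing file is
    // refused rather than guessed at.
    $target = realpath($base . DIRECTORY_SEPARATOR . $resource);
    if ($target === false) {
        return null;
    }
    // Compare with a trailing separator so that a sibling such as
    // "<base>-other" cannot pass a bare prefix test.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $base && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed fixture (assumption: writable temp dir): "public" is the only
// directory the endpoint may serve; "private" stands in for anything outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'traversal-demo-' . getmypid();
mkdir("$root/public", 0700, true);
mkdir("$root/private", 0700, true);
file_put_contents("$root/public/readme.txt", "public\n");
file_put_contents("$root/private/secret.txt", "not for clients\n");

$inputs = [
    'readme.txt',                // legitimate request
    '../private/secret.txt',     // plain traversal: the naive filter strips it
    '....//private/secret.txt',  // nested form from the report: survives the naive filter
];

foreach ($inputs as $in) {
    $stripped = naiveSanitize($in);
    // Where downstream code lands if it trusts the naive filter's output.
    $naiveLandsOn = realpath("$root/public/" . $stripped) ?: 'no such file';
    $checked = resolveInside("$root/public", $in) ?? 'REJECTED';
    printf("input: %-26s after str_replace: %s\n", $in, $stripped);
    printf("  trusting str_replace serves: %s\n", $naiveLandsOn);
    printf("  realpath check returns:      %s\n\n", $checked);
}

// Remove the fixture.
unlink("$root/public/readme.txt");
unlink("$root/private/secret.txt");
rmdir("$root/public");
rmdir("$root/private");
rmdir($root);
```

Run with `php traversal-demo.php`. The third input shows the point of the report: str_replace() turns '....//private/secret.txt' into '../private/secret.txt', so code that trusts the filter serves the file under "private", while the realpath() check rejects both the raw and the stripped forms because neither resolves inside "public".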

Mitigation Strategies

  • Upgrade to a patched version of DreamFactory Core (versions > 1.0.3) that implements realpath()-based sanitization.
  • Deploy Web Application Firewall (WAF) rules to block nested directory traversal sequences and URL-encoded variations.
  • Enforce least privilege on the web application service account to limit filesystem access.

Remediation Steps:

  1. Audit current DreamFactory Core installations to confirm the running version.
  2. Apply the vendor-provided patch or upgrade to the latest stable release.
  3. Implement strict path validation in custom REST endpoints using canonicalization functions.
  4. Review server logs for anomalous URI patterns containing repeated dots or excessive path depth.
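Step 4 can be scripted. The block below is an added example for this article, not DreamFactory tooling: it parses combined-format access-log lines and flags request URIs with repeated dots (including the nested '....//' form and percent-encoded variants) or unusual path depth. The log lines are constructed, the client addresses come from the 203.0.113.0/24 documentation range, and the depth threshold is an assumption to tune per deployment.

```php
<?php
// Added example, not DreamFactory tooling. Scans access-log lines for the URI
// patterns remediation step 4 asks reviewers to look for: repeated dots
// (including the nested "....//" form and percent-encoded variants) and
// unusually deep paths. Log lines below are constructed; IPs are from the
// documentation range 203.0.113.0/24.

declare(strict_types=1);

// Undo percent-encoding repeatedly so "%2e%2e/" and double-encoded
// "%252e%252e/" are judged on the path they finally become.
function fullyDecode(string $uri, int $maxRounds = 3): string
{
    for ($i = 0; $i < $maxRounds; $i++) {
        $decoded = rawurldecode($uri);
        if ($decoded === $uri) {
            break;
        }
        $uri = $decoded;
    }
    return $uri;
}

// Returns the reasons a request URI deserves a second look; an empty array
// means nothing matched. The depth threshold is an assumption to tune per deployment.
function traversalIndicators(string $rawUri, int $maxDepth = 8): array
{
    $reasons = [];
    $path = explode('?', fullyDecode($rawUri), 2)[0];

    if (preg_match('/%2e/i', $rawUri) === 1) {
        $reasons[] = 'percent-encoded dot';
    }
    // Two or more consecutive dots covers "../" and "....//" alike. A file
    // literally named "..." would also match, so treat this as a cue, not a verdict.
    if (preg_match('/\.{2,}/', $path) === 1) {
        $reasons[] = 'repeated dots';
    }
    if (strpos($path, '\\') !== false) {
        $reasons[] = 'backslash separator';
    }
    $depth = count(array_filter(explode('/', $path), 'strlen'));
    if ($depth > $maxDepth) {
        $reasons[] = "path depth $depth";
    }
    return $reasons;
}

// Pull client IP, request URI and status out of an Apache/nginx combined-format line.
function parseLogLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS) (\S+) HTTP\/[\d.]+" (\d{3})/';
    if (preg_match($re, $line, $m) !== 1) {
        return null;
    }
    return ['ip' => $m[1], 'uri' => $m[2], 'status' => (int) $m[3]];
}

// Returns only the flagged requests, each with its reasons.
function scanLog(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        $entry = parseLogLine($line);
        if ($entry === null) {
            continue;
        }
        $reasons = traversalIndicators($entry['uri']);
        if ($reasons !== []) {
            $entry['reasons'] = $reasons;
            $hits[] = $entry;
        }
    }
    return $hits;
}

// Constructed sample: one ordinary request and three that should be flagged.
$sampleLog = [
    '203.0.113.10 - - [20/Mar/2026:10:01:02 +0000] "GET /api/v2/files/docs/readme.txt HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '203.0.113.11 - - [20/Mar/2026:10:01:05 +0000] "GET /api/v2/files/....//....//private/notes.txt HTTP/1.1" 200 1803 "-" "curl/8.5.0"',
    '203.0.113.12 - - [20/Mar/2026:10:01:09 +0000] "GET /api/v2/files/%2e%2e/%2e%2e/private/notes.txt HTTP/1.1" 404 0 "-" "curl/8.5.0"',
    '203.0.113.13 - - [20/Mar/2026:10:01:12 +0000] "GET /api/v2/files/a/b/c/d/e/f/g/h/i/j/k.txt HTTP/1.1" 404 0 "-" "curl/8.5.0"',
];

foreach (scanLog($sampleLog) as $hit) {
    printf("%-14s %3d %s\n    %s\n", $hit['ip'], $hit['status'], $hit['uri'], implode(', ', $hit['reasons']));
}
```

Feed it a real log with `php scan-log.php < access.log` after swapping `$sampleLog` for `file('php://stdin')`. A flagged request that also returned 200, like the second constructed line, is the one to chase first: it indicates the traversal resolved to an existing file rather than a 404.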

Read the full report for CVE-2025-55988 on our website for more details including interactive diagrams and full exploit analysis.