CVE-2025-13435

Name of the Vulnerable Software and Affected Versions Dreampie Resty versions up to 1.3.1.SNAPSHOT

Description A security issue exists in Dreampie Resty. Manipulation of the filename argument within the Request function, located in the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the HttpClient Module, can lead to a path traversal condition. This issue is considered highly complex to exploit, but the exploit has been publicly disclosed. The vendor was notified but did not respond.

Recommendations Versions prior to 1.3.1.SNAPSHOT should be used. As a temporary workaround, consider restricting access to the Request function until a patch is available.