PT-2025-48209 · Dreamfactory

Alexandru Postolache · Published 2025-11-26 · Updated 2025-12-24 · CVE-2025-13700

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: DreamFactory (affected versions not specified)

Description: A flaw exists in the implementation of the saveZipFile method that could allow remote attackers to execute arbitrary code on affected DreamFactory installations. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used in a system call, potentially allowing an attacker to execute code with the privileges of the service account.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-13700
ZDI-25-1024

Affected Products

Dreamfactory
Df-Core