PT-2026-26674 · Dreamfactory · Dreamfactory/Df-Core

Published: 2026-03-20 · Updated: 2026-03-22 · CVE-2025-55988

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

DreamFactory Core version 1.0.3

Description

An issue in the /Controllers/RestController.php component allows attackers to perform a directory traversal through an unsanitized URI path. The component processes requests without properly validating the supplied path, potentially allowing unauthorized access to files and directories. The API endpoint involved is likely related to resource access through the REST controller. The vulnerable parameter is the URI path used in requests to this endpoint.

Recommendations

Update DreamFactory Core to a version that addresses this issue. As a temporary workaround, restrict access to the /Controllers/RestController.php component to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-55988
GHSA-GV7F-W92J-383Q

Affected Products

Dreamfactory/Df-Core