CVE-2025-55988

Published March 20th, 2026

View on NVD ↗

CVSS v3

7.2

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path.

dreamfactorysoftware/df-core

DreamFactory is a self-hosted platform providing governed API access to any data source for enterprise apps and local LLMs.

GitHub