{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T03:04:44.921","vulnerabilities":[{"cve":{"id":"CVE-2025-55988","sourceIdentifier":"cve@mitre.org","published":"2026-03-20T21:17:12.300","lastModified":"2026-04-14T19:27:15.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path."},{"lang":"es","value":"Un problema en el componente /Controllers/RestController.php de DreamFactory Core v1.0.3 permite a los atacantes ejecutar un salto de directorio a través de una ruta URI no saneada."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dreamfactory:dreamfactory_core:1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"8B1416EF-51B5-4942-98DB-BB82D606BE88"}]}]}],"references":[{"url":"https://github.com/dreamfactorysoftware/df-core/commit/54354605b2ec9afe6ee96756a5a22f6f56828950#diff-e57a7c0af25166ac8f02695307c6c413ca4ba0a48a20b2202ad910654528aab1","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://pentest-tools.com/PTT-2025-001-RemoteCodeExecution-via-URL-Path-Traversal.pdf","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}}]}