{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "54354605b2ec9afe6ee96756a5a22f6f56828950"
            }
          ],
          "repo": "https://github.com/dreamfactorysoftware/df-core",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path.",
  "id": "CVE-2025-55988",
  "modified": "2026-04-01T23:07:48.796156233Z",
  "published": "2026-03-20T21:17:12.300Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://pentest-tools.com/PTT-2025-001-RemoteCodeExecution-via-URL-Path-Traversal.pdf"
    },
    {
      "type": "FIX",
      "url": "https://github.com/dreamfactorysoftware/df-core/commit/54354605b2ec9afe6ee96756a5a22f6f56828950#diff-e57a7c0af25166ac8f02695307c6c413ca4ba0a48a20b2202ad910654528aab1"
    }
  ]
}