Vulnerability Description
A security vulnerability has been detected in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to path traversal. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dreampie | Resty | <= 1.3.1 |
Related Weaknesses (CWE)
References
- https://github.com/Xzzz111/exps/blob/main/archives/Resty-PathTraversal-01/cve_apExploitThird Party Advisory
- https://vuldb.com/?ctiid.332979Permissions RequiredVDB Entry
- https://vuldb.com/?id.332979Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.687603Third Party AdvisoryVDB Entry
- https://github.com/Xzzz111/exps/blob/main/archives/Resty-PathTraversal-01/cve_apExploitThird Party Advisory
FAQ
What is CVE-2025-13435?
CVE-2025-13435 is a vulnerability with a CVSS score of 5.6 (MEDIUM). A security vulnerability has been detected in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of t...
How severe is CVE-2025-13435?
CVE-2025-13435 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-13435?
Check the references section above for vendor advisories and patch information. Affected products include: Dreampie Resty.