CVE-2025-13435 | Dreampie Resty up to 1.3.1.SNAPSHOT HttpClient HttpClient.java request filename path traversal

A vulnerability, which was classified as critical, was found in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to path traversal.

This vulnerability is listed as CVE-2025-13435. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-13435 | Dreampie Resty up to 1.3.1.SNAPSHOT HttpClient HttpClient.java request filename path traversal

Post correlati

CVE-2024-36221 | Adobe Experience Manager up to 6.5.20 cross site scripting (apsb24-28)

CVE-2025-26506 | HP LaserJet Pro PostScript Print Job stack-based overflow

CVE-2024-34124 | Adobe Dimension up to 3.4.11 out-of-bounds write (apsb24-47)

CVE-2024-7485 | Traffic Manager Plugin up to 1.4.5 on WordPress cross site scripting