CVE-2025-13700 | DreamFactory saveZipFile command injection (ZDI-25-1024)

Inserito da Angelo Barbosa | Nov 27, 2025 | CVE

A vulnerability described as critical has been identified in DreamFactory. This vulnerability affects the function saveZipFile. Executing manipulation can lead to command injection.

This vulnerability appears as CVE-2025-13700. The attack may be performed from remote. There is no available exploit.

Applying a patch is advised to resolve this issue.

CVE-2025-13700 | DreamFactory saveZipFile command injection (ZDI-25-1024)

Post correlati

zephyrproject-rtos zephyr le_ecred_reconf_req stack-based overflow (GHSA-wr8r-7f8x-24jj)

CVE-2025-4358 | Kashipara Company Visitor Management System 2.0 /admin-profile.php adminname sql injection

CVE-2025-23394 | SUSE openSUSE Tumbleweed 2.5.0-1.1 cyrus-imapd symlink

CVE-2024-2057 | Harrison Chase LangChain 0.1.9 tfidf.py load_local server-side request forgery