CVE-2025-13435 | Dreampie Resty up to 1.3.1.SNAPSHOT HttpClient HttpClient.java request filename path traversal

A vulnerability, which was classified as critical, was found in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to path traversal.

This vulnerability is listed as CVE-2025-13435. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-13435 | Dreampie Resty up to 1.3.1.SNAPSHOT HttpClient HttpClient.java request filename path traversal

Post correlati

CVE-2024-6661 | ParityPress Plugin up to 1.0.0 on WordPress cross site scripting

CVE-2024-53134 | Linux Kernel up to 6.6.62/6.11.9 pmdomain onecell_data.num_domains denial of service (8fc228ab5d38/201fb9e164a1/f7c7c5aa5563)

CVE-2024-9697 | Social Rocket Plugin up to 1.3.4 on WordPress Setting authorization

CVE-2024-13849 | dcurasi Cookie Notice Bar Plugin up to 1.3.0 on WordPress cross site scripting