Home > Vulnerability Database > CVE-2025-13435

Mend.io Vulnerability Database

CVE-2025-13435

Good to know:

Date: November 19, 2025

A security vulnerability has been detected in Dreampie Resty up to 1.3.1.SNAPSHOT. This affects the function Request of the file /resty-httpclient/src/main/java/cn/dreampie/client/HttpClient.java of the component HttpClient Module. Such manipulation of the argument filename leads to path traversal. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity Score

5.6

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-13435

Url: https://github.com/Dreampie/resty

Url: https://vuldb.com/?submit.687603

Url: https://vuldb.com/?ctiid.332979

Url: https://vuldb.com/?id.332979

Url: https://github.com/Xzzz111/exps/blob/main/archives/Resty-PathTraversal-01/cve_application.md

Url: https://www.mend.io/vulnerability-database/CVE-2025-13435

Severity Score

5.6

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-13435

Good to know:

Date: November 19, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?