CVE-2025-13700 | DreamFactory saveZipFile command injection (ZDI-25-1024)

November 27, 2025 Yanac

A vulnerability described as critical has been identified in DreamFactory. This vulnerability affects the function saveZipFile. Executing manipulation can lead to command injection.

This vulnerability appears as CVE-2025-13700. The attack may be performed from remote. There is no available exploit.

Applying a patch is advised to resolve this issue.VulDB Recent EntriesRead More

CVE-2025-13703 | VIPRE Advanced Security permission (ZDI-25-1023)
CVE-2025-13378 | Ays AI ChatBot with ChatGPT and Content Generator Plugin ays_chatgpt_pinecone_upsert server-side request forgery