Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files.
AnalysisAI
Arbitrary file read in Interinfo DreamMaker allows remote unauthenticated attackers to retrieve sensitive system files by abusing a relative path traversal flaw in the application's file-handling logic. The issue is rated CVSS 4.0 8.7 (High) due to network exploitability with no privileges or user interaction, though impact is confined to confidentiality. No public exploit identified at time of analysis, and the disclosure was coordinated through TWCERT (Taiwan's national CERT).
Technical ContextAI
DreamMaker is a business/enterprise application produced by Taiwanese vendor Interinfo, commonly deployed in regional environments per TWCERT's coordination scope. The underlying weakness is CWE-23 (Relative Path Traversal), where the application accepts a user-supplied path component and resolves it using sequences such as '../' without canonicalization or allow-list validation. Because the file-serving endpoint runs with the privileges of the DreamMaker service account, traversal sequences let an attacker break out of the intended document root and read any file the service process can access, such as configuration files, credentials, or OS artifacts. The CPE 'cpe:2.3:a:interinfo:dreammaker:*:*:*:*:*:*:*:*' indicates all versions are currently in scope until a vendor-fixed version is published.
RemediationAI
No vendor-released patch identified at time of analysis from the provided data; consult the TWCERT advisories at https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html and https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html for the vendor-supplied fixed build and apply it as the primary remediation once available. Until a patch is installed, restrict network access to the DreamMaker application - particularly any file-download or document-retrieval endpoints - to trusted internal subnets via firewall or reverse-proxy ACLs, accepting that this will break remote user access; if a WAF is available, block requests whose path or query parameters contain traversal sequences such as '../', '..\', '%2e%2e%2f', and double-encoded variants, with the trade-off that legitimate filenames containing dots may be rejected. Audit the DreamMaker service account's filesystem permissions to ensure it cannot read sensitive OS files (e.g., SAM, shadow, private keys) so that successful traversal yields lower-value data.
More in Dreammaker
View allUnauthenticated arbitrary file upload in Interinfo DreamMaker allows remote attackers to upload web shell backdoors and
Arbitrary file upload in Interinfo DreamMaker allows authenticated high-privilege remote attackers to upload web shell b
Absolute Path Traversal in DreamMaker (developed by Interinfo) allows unauthenticated remote attackers to enumerate file
Arbitrary file read in Interinfo's DreamMaker application allows privileged attackers to traverse relative path boundari
Same weakness CWE-23 – Relative Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33294
GHSA-hp24-385h-9xv4