Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files.
AnalysisAI
Arbitrary file read in Interinfo's DreamMaker application allows privileged attackers to traverse relative path boundaries and download arbitrary system files. The vulnerability stems from insufficient path normalization in a file download or retrieval function, enabling exfiltration of sensitive system content without modifying or disrupting the target. No public exploit code has been identified at time of analysis, and the requirement for high privileges (PR:H per CVSS 4.0) materially limits the attacker pool.
Technical ContextAI
DreamMaker, developed by Interinfo, is a web-based or network-accessible application (CPE: cpe:2.3:a:interinfo:dreammaker:*:*:*:*:*:*:*:*) affecting all tracked versions. The root cause is CWE-23 (Relative Path Traversal), a subclass of path traversal weaknesses where user-supplied input containing sequences such as '../' or encoded equivalents is not properly normalized or validated before being used to construct filesystem paths. When the application resolves these relative references, it can escape the intended directory boundary and access files elsewhere on the host filesystem. The CVSS 4.0 vector assigns AV:N (network attack vector), meaning exploitation is delivered over a network interface rather than requiring direct console access - however, this conflicts with the CVE description's use of 'local attackers,' a discrepancy that warrants vendor clarification.
RemediationAI
Consult the Interinfo vendor advisory via TWCERT (https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html) for the official patch or upgrade path - no specific fixed version number is confirmed in the currently available data, so 'Patch available per vendor advisory' is the most accurate characterization. Until a patch is applied, restrict access to DreamMaker's file retrieval functionality by enforcing the principle of least privilege: reduce the number of accounts holding high-privilege roles, audit current privilege assignments, and enable session logging on privileged actions. If the application exposes file access endpoints over the network, consider placing DreamMaker behind a VPN or network access control layer to reduce exposure. Inspect application logs for anomalous path patterns (sequences of '../', URL-encoded variants '%2e%2e%2f') to detect potential exploitation attempts. Note: access restrictions do not eliminate the underlying flaw - patching remains the definitive remediation.
More in Dreammaker
View allUnauthenticated arbitrary file upload in Interinfo DreamMaker allows remote attackers to upload web shell backdoors and
Arbitrary file read in Interinfo DreamMaker allows remote unauthenticated attackers to retrieve sensitive system files b
Arbitrary file upload in Interinfo DreamMaker allows authenticated high-privilege remote attackers to upload web shell b
Absolute Path Traversal in DreamMaker (developed by Interinfo) allows unauthenticated remote attackers to enumerate file
Same weakness CWE-23 – Relative Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33299
GHSA-mmqq-h844-46ww