CVE-2025-12924

MEDIUM 4.3

rymcu forest BankController.java GlobalResult authorization

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated remotely. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

CWE	CWE-862 CWE-863
Vendor	rymcu
Product	forest
Published	Nov 10, 2025
Last Updated	Feb 24, 2026

Stay Ahead of the Next One

Get instant alerts for rymcu forest

Be the first to know when new medium vulnerabilities affecting rymcu forest are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

rymcu / forest

de53ce79db9faa2efc4e79ce1077a302c42a1224

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.331644 vuldb.com: https://vuldb.com/?ctiid.331644 vuldb.com: https://vuldb.com/?submit.681079 github.com: https://github.com/rymcu/forest/issues/198 github.com: https://github.com/rymcu/forest/

Credits

🔍 1098024193 (VulDB User)