CVE-2025-12925

HIGH 7.3

rymcu forest UserDicController.java deleteDic authorization

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

CWE	CWE-862 CWE-863
Vendor	rymcu
Product	forest
Published	Nov 10, 2025
Last Updated	Feb 24, 2026

Stay Ahead of the Next One

Get instant alerts for rymcu forest

Be the first to know when new high vulnerabilities affecting rymcu forest are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

rymcu / forest

de53ce79db9faa2efc4e79ce1077a302c42a1224

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.331645 vuldb.com: https://vuldb.com/?ctiid.331645 vuldb.com: https://vuldb.com/?submit.681080 github.com: https://github.com/rymcu/forest/issues/199 github.com: https://github.com/rymcu/forest/

Credits

🔍 1098024193 (VulDB User)