
Description


A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Affected are the functions getAll, addDic, getAllDic and deleteDic in the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The issue is missing authorization. The attack may be launched remotely. The product uses a rolling release model with continuous delivery, so no version details are available for either affected or updated releases.


PUBLISHED Reserved 2025-11-09 | Published 2025-11-10 | Updated 2025-11-10 | Assigner VulDB




MEDIUM: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
HIGH: 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R
HIGH: 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R
7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR

Problem types

Missing Authorization

Incorrect Authorization

Product status

de53ce79db9faa2efc4e79ce1077a302c42a1224
affected

Timeline

2025-11-09: Advisory disclosed
2025-11-09: VulDB entry created
2025-11-09: VulDB entry last update

Credits

1098024193 (VulDB User) reporter

References

vuldb.com/?id.331645 (VDB-331645 | rymcu forest UserDicController.java deleteDic authorization) vdb-entry technical-description

vuldb.com/?ctiid.331645 (VDB-331645 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.681080 (Submit #681080 | RYMCU forest V1.0 Missing Authentication) third-party-advisory

github.com/rymcu/forest/issues/199 issue-tracking

cve.org (CVE-2025-12925)

nvd.nist.gov (CVE-2025-12925)
