Home

Description

An issue was discovered in rymcu forest thru commit f782e85 (2025-09-04) in function doBefore in file src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java, allowing authorized attackers to delete arbitrary users posts.

PUBLISHED Reserved 2025-10-27 | Published 2025-11-07 | Updated 2025-11-07 | Assigner mitre

References

github.com/rymcu/forest/issues/193

gist.github.com/LockeTom/564d5be6b75bb64d120daed96d74ec9c

cve.org (CVE-2025-63687)

nvd.nist.gov (CVE-2025-63687)

Download JSON