QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-12924

Back to search

CVE-2025-12924

Published: Nov 10, 2025

Modified: Feb 24, 2026

PUBLISHED

CVSS v3.1

4.3

MEDIUM

Description

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated remotely. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

VendorProductVersions

rymcu

forest

affected
de53ce79db9faa2efc4e79ce1077a302c42a1224

Weaknesses (CWE)

CWE-862
CWE-863

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

VDB-331644 | CTI Indicators (IOB, IOC, IOA)
signature
permissions-required

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now