Authorization Flaw in Rymcu Forest Product
CVE-2025-12925

6.9MEDIUM

Key Information:

Vendor

Rymcu

Status
Forest
Vendor
CVE Published:
10 November 2025

What is CVE-2025-12925?

A security vulnerability has been identified in Rymcu Forest, specifically affecting the getAll, addDic, getAllDic, and deleteDic functions within the UserDicController.java file. This flaw allows unauthorized access due to the lack of proper authentication checks. The vulnerability is exploitable remotely, enabling attackers to manipulate user dictionaries without appropriate permissions. The product follows a rolling release model, which means it continuously updates without distinct version numbers for affected releases.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

forest de53ce79db9faa2efc4e79ce1077a302c42a1224

References

https://vuldb.com/?id.331645
vdb-entrytechnical-description
https://vuldb.com/?ctiid.331645
signaturepermissions-required
https://vuldb.com/?submit.681080
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

1098024193 (VulDB User)
JSON
.