CVE-2025-12925

7.3 HIGH

📋 TL;DR

This CVE describes a missing-authorization vulnerability in the UserDicController API endpoints of rymcu forest (the getAll, addDic, getAllDic and deleteDic handlers). A remote attacker can call these user-dictionary functions without authenticating, and so read, add or delete dictionary data. Every deployment built from an affected commit is vulnerable.

💻 Affected Systems

Products:
  • rymcu forest
Versions: All versions up to commit de53ce79db9faa2efc4e79ce1077a302c42a1224
Operating Systems: Any OS running Java applications
Default Config Vulnerable: ⚠️ Yes
Notes: This is a rolling release product with continuous delivery, so specific version numbers aren't available. The vulnerability exists in the codebase up to the specified commit hash.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Unauthenticated attackers could delete or modify all user dictionary entries, potentially causing data loss or service disruption if dictionaries are critical to application functionality.

🟠 Likely Case

Attackers could add, view, or delete user dictionary entries, compromising data integrity and potentially enabling further attacks if dictionary data influences application behavior.

🟢 If Mitigated

With proper authentication and authorization controls, only authorized users could access dictionary functions, limiting impact to legitimate operations.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is a missing authorization check on API endpoints, making exploitation straightforward via HTTP requests to the affected endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - check for commits after de53ce79db9faa2efc4e79ce1077a302c42a1224

Vendor Advisory: https://github.com/rymcu/forest/issues/199

Restart Required: Yes

Instructions:

1. Check the GitHub repository for fixes after commit de53ce79db9faa2efc4e79ce1077a302c42a1224.
2. Update to a fixed version if available.
3. Restart the application after updating.

🔧 Temporary Workarounds

Implement API Gateway Authentication (all platforms)

Add authentication and authorization checks at the API gateway or reverse proxy level, so that every request to the UserDicController routes must carry a valid session before it reaches the application.

Network Access Control (all platforms)

Restrict access to the affected endpoints using firewall rules or network segmentation.

🧯 If You Can't Patch

  • Since the application itself performs no check, enforce authentication and authorization for all UserDicController endpoints in front of it (reverse proxy or API gateway) and block unauthenticated callers outright
  • Monitor and log all access attempts to the getAll/addDic/getAllDic/deleteDic endpoints, and alert on any that succeed without a session

🔍 How to Verify

Check if Vulnerable:

Check whether your deployment is built from commit de53ce79db9faa2efc4e79ce1077a302c42a1224 or earlier. Then test whether unauthenticated requests to the /api/userdic/* endpoints succeed: start with the read-only handlers (getAll, getAllDic), since a 2xx there without any session already proves the bypass, and do not fire addDic or deleteDic at production data.

Check Version:

git log --oneline -1   # HEAD of the deployed checkout; affected if it is de53ce79db9faa2efc4e79ce1077a302c42a1224 or an earlier commit

Verify Fix Applied:

Verify that unauthenticated requests to the affected endpoints now return 401/403 status codes and authenticated requests with proper authorization succeed.
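A small probe for the check above, added here as an example (not the forest project's own code): it sends requests with no cookie or token to the UserDicController routes and classifies each answer. The paths under /api/userdic/, the HTTP methods and the {"success": false} JSON envelope are assumptions to adjust against the controller in your checkout; the mutating handlers are only probed with --include-mutating because a 2xx there on a vulnerable build really changes data.

```python
"""Unauthenticated probe of the rymcu/forest UserDicController routes.

Added example for this advisory, not code from the forest project. The
handler names (getAll, addDic, getAllDic, deleteDic) come from the advisory;
the URL paths, HTTP methods and the JSON response envelope are ASSUMPTIONS
to adjust against the controller in your own checkout.
"""
import json
import sys
import urllib.error
import urllib.request

# ASSUMED routes: /api/userdic/<handler>. Read-only handlers are probed by
# default; the mutating ones only on request, because a 2xx there on a
# vulnerable instance really adds or deletes dictionary data.
READ_ENDPOINTS = {
    "getAll": ("GET", "/api/userdic/getAll"),
    "getAllDic": ("GET", "/api/userdic/getAllDic"),
}
MUTATING_ENDPOINTS = {
    "addDic": ("POST", "/api/userdic/addDic"),
    "deleteDic": ("POST", "/api/userdic/deleteDic"),
}


def classify(status, body=b""):
    """Verdict for one endpoint from the status (and body) of an unauthenticated request."""
    if status in (401, 403):
        return "PROTECTED"
    if 200 <= status < 300:
        # ASSUMPTION: some Spring apps answer 200 with an envelope such as
        # {"success": false, ...} for denied requests; treat that as protected.
        try:
            envelope = json.loads(body or b"{}")
            if isinstance(envelope, dict) and envelope.get("success") is False:
                return "PROTECTED"
        except ValueError:
            pass
        return "VULNERABLE"
    if status == 404:
        return "NOT_FOUND"  # route differs from the assumed path; no evidence either way
    return "INCONCLUSIVE"


def probe(base_url, method, path, timeout=5):
    """Send one request with no cookie or token; return (status, body)."""
    data = b"{}" if method == "POST" else None
    req = urllib.request.Request(
        base_url.rstrip("/") + path,
        data=data,
        method=method,
        headers={"Accept": "application/json", "Content-Type": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, (e.read() if e.fp is not None else b"")


def assess(results):
    """Overall verdict from {handler: (status, body)}.

    One 2xx without credentials is enough to call the deployment vulnerable;
    it is only FIXED when every probed route answers with a denial.
    """
    verdicts = {name: classify(*result) for name, result in results.items()}
    if "VULNERABLE" in verdicts.values():
        overall = "VULNERABLE"
    elif verdicts and all(v == "PROTECTED" for v in verdicts.values()):
        overall = "FIXED"
    else:
        overall = "INCONCLUSIVE"
    return overall, verdicts


def run(base_url, include_mutating=False):
    """Probe the chosen routes and return (overall verdict, per-handler verdicts)."""
    targets = dict(READ_ENDPOINTS)
    if include_mutating:
        targets.update(MUTATING_ENDPOINTS)
    return assess({name: probe(base_url, m, p) for name, (m, p) in targets.items()})


if __name__ == "__main__":
    # ASSUMED default base URL; pass your own as the first argument.
    base = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8080"
    overall, per_endpoint = run(base, include_mutating="--include-mutating" in sys.argv)
    print(overall)
    print(json.dumps(per_endpoint, indent=2))
```

Run it against a staging copy first. A 404 on every route means the assumed paths do not match your build, not that the fix is in place; re-check the routes in UserDicController and rerun. After patching or adding the proxy rule, every probed handler should come back PROTECTED.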

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated requests to /api/userdic/* endpoints, above all those answered with a 2xx status (a 401/403 is a rebuffed probe, a 2xx is the bypass)
  • Multiple failed authentication attempts from one source followed by successful dictionary operations from the same source (an attacker who fails to log in and then falls back to the unauthenticated path)

Network Indicators:

  • HTTP requests to UserDicController endpoints without authentication headers
  • Unusual patterns of dictionary modifications

SIEM Query:

source="application.logs" AND (uri_path="/api/userdic/*" AND NOT auth_token=*)

This query only catches requests that carry no token at all. Narrow it to the requests that actually succeeded (a 2xx status filter, if your logs record the status) to separate real bypasses from rebuffed probes, and extend it if the application accepts a session cookie rather than a token field.
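The same logic as the query above run over log lines, added here as an example and not part of forest or of any SIEM product. The records are constructed JSON lines using the page's field names (uri_path, auth_token, status); the /api/userdic/ prefix, the classification of addDic and deleteDic as data-changing handlers and the /api/auth/login path are assumptions. It keys on the missing token, like the query, and separately ranks the hits that were actually answered 2xx, which is the bypass; a rebuffed 401 is a probe, not a breach.

```python
"""Detect unauthenticated use of the UserDicController routes in application logs.

Added example for this advisory, not part of the forest project. The log
records are CONSTRUCTED JSON lines with the same field names as the SIEM
query (uri_path, auth_token, status); the /api/userdic/ prefix, the set of
data-changing handlers and the login path are ASSUMPTIONS to adjust.
"""
import json
from collections import Counter

USERDIC_PREFIX = "/api/userdic/"
MUTATING_HANDLERS = {"addDic", "deleteDic"}  # ASSUMED: these change data
LOGIN_PATH = "/api/auth/login"               # ASSUMED login route
BURST_THRESHOLD = 3                          # unauthenticated hits per source before escalating

# Constructed sample: one authenticated read, a failed login, two unauthenticated
# reads and one unauthenticated delete that all succeeded, and one rebuffed probe.
SAMPLE_LOG = """\
{"ts":"2025-11-01T10:00:01Z","src_ip":"10.0.0.5","method":"GET","uri_path":"/api/userdic/getAll","status":200,"auth_token":"tok-abc"}
{"ts":"2025-11-01T10:00:02Z","src_ip":"198.51.100.7","method":"POST","uri_path":"/api/auth/login","status":401,"auth_token":null}
{"ts":"2025-11-01T10:00:03Z","src_ip":"198.51.100.7","method":"GET","uri_path":"/api/userdic/getAll","status":200,"auth_token":null}
{"ts":"2025-11-01T10:00:04Z","src_ip":"198.51.100.7","method":"GET","uri_path":"/api/userdic/getAllDic","status":200,"auth_token":null}
{"ts":"2025-11-01T10:00:05Z","src_ip":"198.51.100.7","method":"POST","uri_path":"/api/userdic/deleteDic","status":200,"auth_token":null}
{"ts":"2025-11-01T10:00:06Z","src_ip":"10.0.0.9","method":"GET","uri_path":"/api/userdic/getAll","status":401,"auth_token":null}
"""


def parse(lines):
    """One JSON object per non-empty line, kept in log order."""
    return [json.loads(line) for line in lines.splitlines() if line.strip()]


def unauthenticated_userdic(records):
    """Records that hit a UserDicController route with no token at all (the query's logic)."""
    return [r for r in records
            if r.get("uri_path", "").startswith(USERDIC_PREFIX) and not r.get("auth_token")]


def findings(records):
    """Rank each unauthenticated hit: a 2xx is the bypass, a denial is a rebuffed probe."""
    out = []
    for r in unauthenticated_userdic(records):
        handler = r["uri_path"][len(USERDIC_PREFIX):]
        succeeded = 200 <= int(r.get("status", 0)) < 300
        if not succeeded:
            severity = "INFO"      # denied: fixed build or proxy rule doing its job
        elif handler in MUTATING_HANDLERS:
            severity = "CRITICAL"  # data changed without any credentials
        else:
            severity = "HIGH"      # dictionary data read without any credentials
        out.append({"ts": r["ts"], "src_ip": r["src_ip"], "handler": handler,
                    "status": r["status"], "severity": severity})
    return out


def burst_sources(records, threshold=BURST_THRESHOLD):
    """Sources with repeated unauthenticated hits on these routes (scripted probing)."""
    counts = Counter(r["src_ip"] for r in unauthenticated_userdic(records))
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def failed_login_then_success(records):
    """The page's second indicator: a failed login, then a 2xx from a userdic route
    with no token from the same source. Records are assumed to be in time order."""
    failed = set()
    hits = set()
    for r in records:
        if r.get("uri_path") == LOGIN_PATH and r.get("status") == 401:
            failed.add(r["src_ip"])
        elif (r["src_ip"] in failed
              and r.get("uri_path", "").startswith(USERDIC_PREFIX)
              and not r.get("auth_token")
              and 200 <= int(r.get("status", 0)) < 300):
            hits.add(r["src_ip"])
    return sorted(hits)


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for finding in findings(recs):
        print(finding)
    print("burst sources:", burst_sources(recs))
    print("failed login then unauthenticated success:", failed_login_then_success(recs))
```

A request that carries an invalid or expired token and still gets a 2xx is the same bypass, but this detector, like the query, keys only on the token being absent; if your logs record the outcome of token validation, add that outcome to the filter.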
