CVE-2025-12924
BaseFortify
Publication date: 2025-11-10
Last updated on: 2026-02-24
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rymcu | forest | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the rymcu forest software, specifically in the GlobalResult function of the BankController.java file. It allows an attacker to manipulate the function in a way that causes missing authorization, meaning unauthorized users may gain access or perform actions they should not be allowed to. The attack can be initiated remotely.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access or actions within the affected system, potentially compromising sensitive data or operations. Since it involves missing authorization, it may allow attackers with some privileges to escalate their access or bypass intended security controls.