CNNVD-202511-813 Information

CNNVD ID

CNNVD-202511-813

CVE-2025-63687

  • CNNVD Published: 2025-11-07

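Description (translated from Chinese)

forest is a modern knowledge-community backend project open-sourced by RYMCU, implemented with SpringBoot + Shiro + MyBatis + JWT + Redis. forest version f782e85 contains a security vulnerability that stems from a flaw in the doBefore function in the AuthorshipAspect.java file, which may allow an authorized attacker to delete arbitrary users' posts.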

Description (English)

Forest is a modern knowledge community backend project built with SpringBoot + Shiro + MyBatis + JWT + Redis. Forest version f782e85 contains a security vulnerability that stems from a flaw in the doBefore function in the AuthorshipAspect.java file, which may allow an authorized attacker to delete any user's posts.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

RYMCU

Published

2025-11-07

Last Modified

2026-02-24

References

https://gist.github.com/LockeTom/564d5be6b75bb64d120daed96d74ec9c

https://github.com/rymcu/forest/issues/193
