CVE 9.3 CRITICAL

aEnrich｜eHRD – Authentication Abuse_CVE-2025-12870

November 12, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.

AI Analysis

Authentication Abuse vulnerability allowing unauthenticated remote attackers to obtain administrator access tokens

Basic Information

ID CVE-2025-12870

Source twcert

Published Nov 12, 2025 at 07:35

Affected Product

Vendor aEnrich

Product a+HRD

Affected Versions aEnrich a+HRD 0

CWE Classification

CWE-1390

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor aEnrich

Product a+HRD

References

{
    "lastseen": "",
    "description": "The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.",
    "published": "2025-11-12T07:35:43.207Z",
    "modified": "2025-11-12T07:35:43.207Z",
    "type": "cve",
    "title": "aEnrich\uff5ceHRD - Authentication Abuse",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html\nhttps://www.twcert.org.tw/en/cp-139-10487-12a32-2.html",
    "id": "CVE-2025-12870",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1390"
    ],
    "cvelist": null,
    "sourceData": "aEnrich a+HRD 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "a+HRD",
    "version": "0",
    "vendor": "aEnrich",
    "ai_description": "Authentication Abuse vulnerability allowing unauthenticated remote attackers to obtain administrator access tokens",
    "ai_severity": "Critical",
    "ai_vendor": "aEnrich",
    "ai_product": "a+HRD",
    "ai_version": "0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply