CVE 9.3 CRITICAL

aEnrich｜a+HRD – Authentication Abuse_CVE-2025-12871

November 12, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.

AI Analysis

Authentication Abuse vulnerability allowing unauthenticated remote attackers to access the system with elevated privileges

Basic Information

ID CVE-2025-12871

Source twcert

Published Nov 12, 2025 at 07:38

Affected Product

Vendor aEnrich

Product a+HRD

Affected Versions aEnrich a+HRD 0

CWE Classification

CWE-1390

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor aEnrich

Product a+HRD

References

{
    "lastseen": "",
    "description": "The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.",
    "published": "2025-11-12T07:38:30.394Z",
    "modified": "2025-11-12T07:38:30.394Z",
    "type": "cve",
    "title": "aEnrich\uff5ca+HRD - Authentication Abuse",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html\nhttps://www.twcert.org.tw/en/cp-139-10487-12a32-2.html",
    "id": "CVE-2025-12871",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1390"
    ],
    "cvelist": null,
    "sourceData": "aEnrich a+HRD 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "a+HRD",
    "version": "0",
    "vendor": "aEnrich",
    "ai_description": "Authentication Abuse vulnerability allowing unauthenticated remote attackers to access the system with elevated privileges",
    "ai_severity": "Critical",
    "ai_vendor": "aEnrich",
    "ai_product": "a+HRD",
    "ai_version": "0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply