CVE-2025-12871

Critical CVSS: 9.3

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.

Vendor

Aenrich

Product

A\+hrd

CWE

CWE-1390

Yayın Tarihi

2025-11-12 08:15:41

Güncelleme

2025-11-18 18:28:18

Source Identifier

twcert@cert.org.tw

KEV Date Added

Kategoriler

CWE-1390 A\+hrd CRITICAL Aenrich 2025

Referanslar

https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html https://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2

Benzer Kayıtlar

Medium

CVE-2025-12869

The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administr…

Critical

CVE-2025-12870

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to s…

Medium

CVE-2025-0584

The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploi…

Critical

CVE-2025-0585

The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject…

High

CVE-2025-0586

The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database…

Medium

CVE-2025-0583

The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote at…