Detections
Analytics

CVE-2025-12870

critical

Description

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.

References

https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html

https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html

https://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2

Details

Source: Mitre, NVD

Published: 2025-11-12

Updated: 2025-11-18

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.00081