CVE-2025-12870

Medienbericht

EPSS 0.56%
Veröffentlicht 12.11.2025 07:35:43
Zuletzt bearbeitet 18.11.2025 19:31:34
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

aEnrich｜eHRD - Authentication Abuse

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 0 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.423

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
twcert@cert.org.tw	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
twcert@cert.org.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1390 Weak Authentication

The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.

https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html

Third Party Advisory

https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html

Third Party Advisory

https://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2

Third Party Advisory

Press/Media Coverage

https://nvd.nist.gov/vuln/detail/CVE-2025-12870

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-12870

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-12870

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-12870