Cyber Posture

CVE-2025-0586

Severity: High
Published: 20 January 2025
Modified: 17 November 2025
KEV Added:
Patch:
CVSS Score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0175 (82.7th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution.

Security Summary

CVE-2025-0586 is an insecure deserialization vulnerability (CWE-502) affecting the a+HRD software from aEnrich Technology. Published on January 20, 2025, it has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), rated High because successful exploitation has a high impact on confidentiality, integrity, and availability.

Remote attackers who possess database modification privileges alongside regular system privileges (the PR:H component of the vector) can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation enables arbitrary code execution on the affected system.

Mitigation details and advisories are available from TWCERT/CC at https://www.twcert.org.tw/en/cp-139-8375-59abd-2.html and https://www.twcert.org.tw/tw/cp-132-8374-7085a-1.html.

Details

CWE(s)
CWE-502

Affected Products

Vendor: aenrich
Product: a+hrd
Versions: ≤ 7.5