CVE-2025-12870

Critical

Published: 12 November 2025

Published

12 November 2025

Modified

18 November 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0014 34.5th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

AC-14 limits and authorizes specific actions performable without identification or authentication, directly preventing unauthenticated attackers from obtaining administrator access tokens via crafted packets.

AC-3 Access Enforcement good match

prevent

AC-3 enforces approved authorizations for access to system resources, countering the authentication bypass that grants elevated privileges.

SI-10 Information Input Validation good match

prevent

SI-10 validates information inputs to the system, blocking crafted packets that exploit the authentication abuse vulnerability.

Security SummaryAI

CVE-2025-12870 is an Authentication Abuse vulnerability (CWE-1390) affecting the a+HRD software developed by aEnrich. Published on 2025-11-12, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and lack of prerequisites. The flaw enables unauthenticated remote attackers to send crafted packets that bypass authentication mechanisms.

Unauthenticated attackers can exploit this vulnerability remotely over the network with minimal effort. By crafting and transmitting specific packets, they can obtain valid administrator access tokens, granting elevated privileges to access and control the affected system. This results in high-impact compromise across confidentiality, integrity, and availability.

Mitigation guidance is available in advisories from TWCERT/CC (https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html, https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html) and CHT Security (https://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2). Security practitioners should consult these resources for recommended patches, workarounds, or configuration changes to address the issue.

Details

CWE(s): CWE-1390

Affected Products

aenrich

a\+hrd

≤ 7.5

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability allows unauthenticated remote attackers to bypass authentication via crafted packets on a network-accessible application, directly enabling exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html
Third Party Advisory · twcert@cert.org.tw
https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html
Third Party Advisory · twcert@cert.org.tw
https://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2
Press/Media Coverage, Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108