CVE-2025-12871

Critical

Published: 12 November 2025

Published

12 November 2025

Modified

18 November 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0023 45.8th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.

Mitigating Controls (NIST 800-53 r5)AI

IA-5 Authenticator Management good match

prevent

Directly manages the generation, protection, and validation of authenticators such as access tokens to prevent crafting of valid administrator tokens by unauthenticated attackers.

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations for access, ensuring crafted administrator tokens are rejected without proper validation.

SI-10 Information Input Validation good match

prevent

Validates information inputs including access tokens to detect and reject malformed or invalidly crafted administrator tokens.

Security SummaryAI

CVE-2025-12871 is an Authentication Abuse vulnerability (CWE-1390) affecting the a+HRD software developed by aEnrich. Published on 2025-11-12, it enables unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, and lack of required privileges or user interaction.

Unauthenticated remote attackers can exploit this vulnerability over the network without privileges. By crafting valid administrator tokens, they gain elevated access to the system, potentially achieving high impacts on confidentiality, integrity, and availability, such as unauthorized data access, modification, or disruption of services.

Advisories from TWCERT/CC (https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html, https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html) and CHT Security (https://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2) provide further details on the vulnerability, including potential mitigation guidance.

Details

CWE(s): CWE-1390

Affected Products

aenrich

a\+hrd

≤ 7.5

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Unauthenticated remote exploitation of a network-accessible application to craft admin tokens and gain elevated privileges directly enables T1190 (Exploit Public-Facing Application) and T1068 (Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html
Third Party Advisory · twcert@cert.org.tw
https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html
Third Party Advisory · twcert@cert.org.tw
https://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2
Press/Media Coverage, Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108