← back
CVE-2025-12870

aEnrich|eHRD - Authentication Abuse

CVSS 9.3 CRITICALEPSS 0.6%CWE-1390
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
aEnrich · a+HRD

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2https://www.twcert.org.tw/en/cp-139-10487-12a32-2.htmlhttps://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html