exploitDog

CVE-2025-12870

Опубликовано: 12 нояб. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.

Ссылки

https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html
Third Party Advisory
https://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2
Press/Media Coverage
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aenrich:a\+hrd:*:*:*:*:*:*:*:*

Версия до 7.5 (включая)

EPSS

Процентиль: 48%

0.00246

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-1390

Связанные уязвимости

GHSA-4765-m9wv-v7gx

CVSS3: 9.8

github

3 месяца назад

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.

EPSS

Процентиль: 48%

0.00246

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-1390