CVE-2025-12869
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-18
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aenrich | a\+hrd | to 7.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12869 is a Stored Cross-Site Scripting (XSS) vulnerability in the a+HRD software developed by aEnrich, affecting versions 7.5 and earlier. It allows remote attackers who have administrator privileges to inject persistent malicious JavaScript code into the application. This injected code executes automatically in the browsers of users when they load the affected pages, potentially compromising their interaction with the application. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker with administrator privileges to inject malicious JavaScript code that executes in users' browsers. This can lead to unauthorized actions performed on behalf of users, theft of sensitive information, or manipulation of user sessions. Although the attack requires high privileges and user interaction, it can compromise confidentiality and integrity of data within the affected application. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to upgrade a+HRD to version 6.8 or later and apply the latest patches provided by the vendor. For further assistance, users should contact aEnrich customer service or YUQI Digital Technology support. [1, 2]