CVE-2025-12870
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-18
Assigner: TWCERT/CC
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aenrich | a+hrd | up to 7.5 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1390 | The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Authentication Abuse issue in the a+HRD software developed by aEnrich. It allows unauthenticated remote attackers to send specially crafted packets to the system, which lets them obtain administrator access tokens. With these tokens, attackers can gain elevated privileges and access the system as administrators without proper authentication. [1]
How can this vulnerability impact me?
The impact of this vulnerability is severe because it allows attackers to gain full administrative access to the affected system without any authentication. This means attackers can control the system, access sensitive data, modify or delete information, and potentially disrupt operations, leading to significant security breaches. [1]
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate mitigation is to upgrade the a+HRD software to version 6.8 or later and apply the latest patches provided by the vendor. For further assistance, users should contact aEnrich customer service. [1, 2]