CVE-2025-12871
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-18
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aenrich | a\+hrd | to 7.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1390 | The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Authentication Abuse issue in the a+HRD software developed by aEnrich. It allows unauthenticated remote attackers to craft administrator access tokens, which they can then use to access the system with elevated privileges, effectively gaining unauthorized administrative control. [1, 2]
How can this vulnerability impact me? :
The impact of this vulnerability is severe because it allows attackers without any authentication to gain administrator-level access to the affected system. This can lead to full control over the system, including the ability to view, modify, or delete sensitive data, disrupt system operations, and potentially compromise other connected systems. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate mitigation step is to upgrade the a+HRD software to version 6.8 or later and apply the latest patches provided by the vendor. For further assistance, users should contact aEnrich customer service. [1, 2]