CVE-2025-12872
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-12
Assigner: TWCERT/CC
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aenrich | a+hrd | 7.5 |
| aenrich | a+hcm | 8.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12872 is a Stored Cross-Site Scripting (XSS) vulnerability in the a+HRD (version 7.5 and earlier) and a+HCM (version 8.1) products developed by aEnrich. It allows authenticated remote attackers to upload files containing malicious JavaScript code. This malicious code then executes on the client side when a user is tricked into visiting a specific URL, potentially compromising the user's browser session or data. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers with valid authentication to upload malicious JavaScript files that execute in the browsers of users who visit a crafted URL. This can lead to unauthorized actions performed on behalf of the user, theft of sensitive information, session hijacking, or other malicious activities executed in the context of the affected web application. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves monitoring for files uploaded by authenticated users that contain malicious JavaScript code, as the vulnerability allows such files to be uploaded and executed when visited. Since this is a Stored Cross-Site Scripting vulnerability, you can scan the file upload directories or database entries for suspicious JavaScript code patterns. Additionally, monitoring web server logs for unusual URL access patterns that may trigger the malicious scripts can help. Specific commands are not provided in the resources, but general approaches include using web vulnerability scanners that detect stored XSS or using grep-like commands to search for <script> tags or suspicious JavaScript in uploaded files or database entries. [1, 2]
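The "grep-like" content check described above, as an added example that is not part of the BaseFortify page or any aEnrich tooling: it walks an upload directory and flags files that contain script markup by content, regardless of extension, because a stored XSS payload can sit in a file named like an image or a document. The sample files it creates are constructed for the demo; the upload path of a real a+HRD/a+HCM deployment is not given on the page and must be substituted.

```python
import os
import re
import tempfile
from pathlib import Path

# Content heuristics for embedded script. Applied to every file, not only
# .html, since an upload named "photo.png" can still be served as HTML.
SCRIPT_PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),  # onload=, onerror=
    "javascript_uri": re.compile(r"javascript\s*:", re.IGNORECASE),
    "svg_markup": re.compile(r"<\s*svg\b", re.IGNORECASE),
}

def scan_file(path):
    """Return (pattern_name, line_no, snippet) hits for one file."""
    hits = []
    try:
        text = Path(path).read_bytes().decode("utf-8", errors="ignore")
    except OSError:
        return hits
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern in SCRIPT_PATTERNS.items():
            if pattern.search(line):
                hits.append((name, line_no, line.strip()[:80]))
    return hits

def scan_upload_dir(root):
    """Map each flagged file (path relative to root) to its hits."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            hits = scan_file(path)
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings

def demo():
    """Build constructed sample uploads in a temp dir and scan them."""
    base = Path(tempfile.mkdtemp(prefix="upload_scan_"))
    (base / "report.txt").write_text("Quarterly headcount report\n")
    (base / "photo.png").write_text("<svg onload=alert(1)>\n")          # disguised markup
    (base / "page.html").write_text("<p>hi</p>\n<script>alert(1)</script>\n")
    return scan_upload_dir(base)

if __name__ == "__main__":
    for path, hits in demo().items():
        for name, line_no, snippet in hits:
            print(f"{path}:{line_no} [{name}] {snippet}")
```

Run it against the real upload location (or exported database blobs dumped to files) and review each hit by hand; the heuristics are deliberately broad and will produce some false positives on legitimate HTML.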
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate mitigation is to upgrade the affected software to aEnrich version 6.8 or later and apply the latest patches provided by the vendor. Additionally, contacting aEnrich customer service for assistance is advised. These steps will address the Stored Cross-Site Scripting vulnerability in a+HRD and a+HCM products. [1, 2]