CVE-2025-12870 · CRITICAL 9.8 · EPSS p42.3%

Description

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.56% probability of exploitation · percentile 42.3% · 2026-06-18T12:00:27Z
Published: 2025-11-12
Last modified: 2025-11-18

Underlying weaknesses · 1

CWE-1390

References

  1. https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html
  2. https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html
  3. https://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2

Type | Target | Confidence | Tier
Weakness | Weak Authentication (cwe-1390) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-12871
  2. CVE-2025-0585
  3. CVE-2025-2412
  4. CVE-2025-1393
  5. CVE-2025-52689
  6. CVE-2026-23595

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.