CVE-2025-12871 · CRITICAL 9.8 · EPSS p40.4%


Description

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.53% probability of exploitation · percentile 40.4% · 2026-06-19T12:03:05Z
Published: 2025-11-12
Last modified: 2025-11-18

Underlying weaknesses · 1

CWE-1390

References

  1. https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html
  2. https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html
  3. https://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2


Type | Target | Confidence | Tier
Weakness | Weak Authentication (cwe-1390) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-12870
CVE: CVE-2025-0585
CVE: CVE-2025-61075
CVE: CVE-2025-1393
CVE: CVE-2026-23595
CVE: CVE-2025-2412

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.