What is CVE-2025-12870?

CVE-2025-12870 is a critical-severity vulnerability in Aenrich A+hrd, classified under Weak Authentication. CVSS score: 9.8/10. Published 2025-11-12.

How severe is CVE-2025-12870?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Aenrich A+hrd

CVE-2025-12870

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.

EPSS: 0.001 (34.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Aenrich A+hrd — versions 0

Weakness classification (CWE)

CWE-1390 — Weak Authentication

References

www.twcert.org.tw/tw/cp-132-10486-a3459-1.html (third-party-advisory)
www.twcert.org.tw/en/cp-139-10487-12a32-2.html (third-party-advisory)

Frequently asked questions

What is CVE-2025-12870?: CVE-2025-12870 is a critical-severity vulnerability in Aenrich A+hrd, classified under Weak Authentication. CVSS score: 9.8/10. Published 2025-11-12.
How severe is CVE-2025-12870?: Critical severity. CVSS v3 base score is 9.8 out of 10.