CVE-2025-12871

Summary

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.

Affected Software

VendorProductVersion RangeStatus
aEnricha+HRD0 <= 7.5affected

Weaknesses

  • CWE-1390: CWE-1390 Weak Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References