CVE-2025-12870
Published: 12 November 2025
Summary
CVE-2025-12870 is a critical-severity Weak Authentication (CWE-1390) vulnerability in Aenrich A\+Hrd. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-14 limits and authorizes specific actions performable without identification or authentication, directly preventing unauthenticated attackers from obtaining administrator access tokens via crafted packets.
AC-3 enforces approved authorizations for access to system resources, countering the authentication bypass that grants elevated privileges.
SI-10 validates information inputs to the system, blocking crafted packets that exploit the authentication abuse vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows unauthenticated remote attackers to bypass authentication via crafted packets on a network-accessible application, directly enabling exploitation of a public-facing application.
NVD Description
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.
Deeper analysisAI
CVE-2025-12870 is an Authentication Abuse vulnerability (CWE-1390) affecting the a+HRD software developed by aEnrich. Published on 2025-11-12, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and lack of prerequisites. The flaw enables unauthenticated remote attackers to send crafted packets that bypass authentication mechanisms.
Unauthenticated attackers can exploit this vulnerability remotely over the network with minimal effort. By crafting and transmitting specific packets, they can obtain valid administrator access tokens, granting elevated privileges to access and control the affected system. This results in high-impact compromise across confidentiality, integrity, and availability.
Mitigation guidance is available in advisories from TWCERT/CC (https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html, https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html) and CHT Security (https://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2). Security practitioners should consult these resources for recommended patches, workarounds, or configuration changes to address the issue.
Details
- CWE(s)