Cyber Posture

CVE-2025-12871

Critical

Published: 12 November 2025

Published
12 November 2025
Modified
18 November 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0023 45.8th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-12871 is a critical-severity Weak Authentication (CWE-1390) vulnerability in Aenrich A\+Hrd. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-5 (Authenticator Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

IA-5 Authenticator Management good match
prevent

Directly manages the generation, protection, and validation of authenticators such as access tokens to prevent crafting of valid administrator tokens by unauthenticated attackers.

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations for access, ensuring crafted administrator tokens are rejected without proper validation.

SI-10 Information Input Validation good match
prevent

Validates information inputs including access tokens to detect and reject malformed or invalidly crafted administrator tokens.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Unauthenticated remote exploitation of a network-accessible application to craft admin tokens and gain elevated privileges directly enables T1190 (Exploit Public-Facing Application) and T1068 (Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.

Deeper analysisAI

CVE-2025-12871 is an Authentication Abuse vulnerability (CWE-1390) affecting the a+HRD software developed by aEnrich. Published on 2025-11-12, it enables unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, and lack of required privileges or user interaction.

Unauthenticated remote attackers can exploit this vulnerability over the network without privileges. By crafting valid administrator tokens, they gain elevated access to the system, potentially achieving high impacts on confidentiality, integrity, and availability, such as unauthorized data access, modification, or disruption of services.

Advisories from TWCERT/CC (https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html, https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html) and CHT Security (https://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2) provide further details on the vulnerability, including potential mitigation guidance.

Details

CWE(s)
CWE-1390

Affected Products

aenrich
a\+hrd
≤ 7.5

CVEs Like This One

CVE-2025-12870Same product: Aenrich A\+Hrd
CVE-2025-0585Same product: Aenrich A\+Hrd
CVE-2025-0586Same product: Aenrich A\+Hrd
CVE-2026-6886Shared CWE-1390
CVE-2023-53894Shared CWE-1390
CVE-2025-40554Shared CWE-1390
CVE-2025-40552Shared CWE-1390
CVE-2026-28710Shared CWE-1390
CVE-2026-4828Shared CWE-1390
CVE-2025-23058Shared CWE-1390

References