CRITICAL🇵🇱 Wersja polska

CVE-2025-12871

CVSS 9.3v4.0pub. 2025-11-12upd. 2025-11-18

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Aenrich A\+hrd

    APP
    Aenrich
    ≤ 7.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-12870CRITICAL9.3PL ✓ten sam produkt

Authentication Abuse w aEnrich a+HRD — przejęcie tokenu administratora

CVE-2025-0585CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Aenrich A+HRD — nieuwierzytelniony zdalny dostęp do bazy danych

CVE-2023-20852CRITICAL9.8ten sam produkt

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter....

CVE-2023-20853CRITICAL9.8ten sam produkt

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronize...

CVE-2022-39041CRITICAL9.8ten sam produkt

aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote att...