ГлавнаяУязвимости → CVE-2025-12870
9.8критическая

CVE-2025-12870

Описание

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.

Затрагиваемое ПО
Aenrich A\+hrd
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.twcert.org.tw/en/cp-139-10487-12a32-2.htmlhttps://www.twcert.org.tw/tw/cp-132-10486-a3459-1.htmlhttps://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2