[Security Vulnerability Alert] The eHRD from aEnrich contains high-risk security vulnerabilities (CVE-2025-12870 and CVE-2025-12871). Please confirm and patch them as soon as possible.

 
2025/11/21 ~ 2026/5/21

Forwarded from National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202511-00000149

[Content Description]
Researchers have discovered authentication abuse vulnerabilities (CVE-2025-12870 and CVE-2025-12871) in the eHRD device from aEnrich. An unauthenticated remote attacker could obtain or create administrator credentials and use them to access the system with administrator privileges. Please confirm and patch these vulnerabilities as soon as possible.

[Affected Platforms]
a+HRD versions 7.5 and earlier

[Recommended Actions]
The official patch for these vulnerabilities has been released. Please refer to the official instructions for updating: https://www.aenrich.com.tw/news_events/pr_20251112.asp

[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-12870
2. https://nvd.nist.gov/vuln/detail/CVE-2025-12871
3. https://www.aenrich.com.tw/news_events/pr_20251112.asp
