[Vulnerability Alert] Aenrich Digital Technology eHRD has high-risk security vulnerabilities (CVE-2025-12870 and CVE-2025-12871), please confirm and patch as soon as possible

• Subject: [Vulnerability Alert] Aenrich Digital Technology eHRD has high-risk security vulnerabilities (CVE-2025-12870 and CVE-2025-12871), please confirm and patch as soon as possible

• Content:
  • Forwarded from National Information Security Information Sharing and Analysis Center Security Alert NISAC-200-202511-00000149
  • Researchers have discovered an Authentication Abuse vulnerability (CVE-2025-12870 and CVE-2025-12871) in Aenrich Digital Technology eHRD. An unauthenticated remote attacker can obtain or self-generate administrative privilege credentials and use them to access the system with administrator privileges. Please confirm and patch as soon as possible.
• Affected Platforms:
  • a+HRD versions up to and including 7.5
• Recommended Measures:
  • The official source has released a fix update for the vulnerability; please refer to the official instructions for update at the following URL: https://www.aenrich.com.tw/news_events/pr_20251112.asp
• References:
  1. https://www.twcert.org.tw/tw/cp-132-10515-3733a-1.html
  2. https://nvd.nist.gov/vuln/detail/CVE-2025-12870
  3. https://nvd.nist.gov/vuln/detail/CVE-2025-12871

Computer and Communications Center
Network Systems Group