Print - 【Vulnerability Alert】High-risk security vulnerabilities (CVE-2025-12870 and CVE-2025-12871) have been identified in Apextar Digital Technology eHRD. Please verify and apply the necessary patches as soon as possible.

【Vulnerability Alert】High-risk security vulnerabilities (CVE-2025-12870 and CVE-2025-12871) have been identified in Apextar Digital Technology eHRD. Please verify and apply the necessary patches as soon as possible.

publish date : 2025-11-21 update date : 2025-11-21

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2025111903115252	Publication Time	2025/11/19 15:06
Incident Type	ANA-Vulnerability Alert	Discovery Time	2025/11/19 15:06
Impact Level	Low
[Subject] 【Vulnerability Alert】High-risk security vulnerabilities (CVE-2025-12870 and CVE-2025-12871) have been identified in Apextar Digital Technology eHRD. Please verify and apply the necessary patches as soon as possible.
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202511-00000149 Researchers have discovered Authentication Abuse vulnerabilities (CVE-2025-12870 and CVE-2025-12871) in Apextar Digital Technology eHRD. A remote attacker without authentication may obtain or forge administrative privilege tokens, and use those tokens to access the system with administrator permissions. Please verify and apply the necessary patches as soon as possible. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] a+HRD versions up to and including 7.5
[Recommended Actions] The vendor has released security updates to address this vulnerability. Please refer to the official documentation for update instructions at the following URL: https://www.aenrich.com.tw/news_events/pr_20251112.asp
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-12870 2. https://nvd.nist.gov/vuln/detail/CVE-2025-12871 3. https://www.aenrich.com.tw/news_events/pr_20251112.asp

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center