TVN ID: TVN-202511005 CVE ID: - CVE-2025-12869 - CVE-2025-12870 - CVE-2025-12871 - CVE-2025-12872 CVSS: - CVE-2025-12869: 4.8 (Medium) - CVE-2025-12870: 9.8 (Critical) - CVE-2025-12871: 9.8 (Critical) - CVE-2025-12872: 5.4 (Medium) Affected Products: - a+HRD version 7.5 and earlier - a+HCM version 8.1 Description: - CVE-2025-12869: Stored Cross-Site Scripting vulnerability - CVE-2025-12870: Authentication Abuse vulnerability - CVE-2025-12871: Authentication Abuse vulnerability - CVE-2025-12872: Stored Cross-Site Scripting vulnerability in a+HCM Solution: Upgrade to version 6.8 or later and install the latest patches Credit: - CVE-2025-12869: Wxi (Systex Software) - CVE-2025-12870, CVE-2025-12871: Tree(CHT Security) - CVE-2025-12872: Loki, Harry, Mike, Henry, WoodMan(安華聯網) Public Date: 2025-11-12