CVE-2025-0584 MEDIUM

CVE-2025-0584: aEnrich Technology a+HRD - Server-Side Request Forgery (SSRF)

Vendor Aenrich Technology

Product a+HRD

Weakness CWE-918 · SSRF

Published January 20, 2025

Last update January 21, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network.

Key dates

02Disclosure timeline

January 20, 2025 CVE published

January 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-0584

Related vulnerabilities

04Related CVE

CVE-2024-35633 WordPress Blocksy Companion plugin <= 2.0.42 - Server Side Request Forgery (SSRF) vulnerability CVE-2025-5276 CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2020-26258 Server-Side Forgery Request can be activated unmarshalling with XStream CVE-2026-34647 Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)