CVE-2025-0585 CRITICAL

CVE-2025-0585: aEnrich Technology a+HRD - SQL Injection

Vendor Aenrich Technology

Product a+HRD

Weakness CWE-89 · SQLi

Published January 20, 2025

Last update January 21, 2025

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Key dates

02Disclosure timeline

January 20, 2025 CVE published

January 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-0585

Related vulnerabilities

04Related CVE

CVE-2026-6093 Corteza 2024.9.8 - SQL Injection in MSSQL JSON-path meta filter via incorrect T-SQL string escaping CVE-2024-29889 GLPI contains an SQL injection through the saved searches CVE-2025-27103 Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability CVE-2024-12964 1000 Projects Daily College Class Work Report Book login.php sql injection CVE-2026-42740 WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability