Vulnerability Details CVE-2025-12480
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.523
EPSS Ranking 97.8%
CVSS Severity
CVSS v3 Score 9.1
Proposed Action
Gladinet Triofox contains an improper access control vulnerability that allows access to initial setup pages even after setup is complete.
Ransomware Campaign
Unknown
References
- https://access.triofox.com/releases_history/
- https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md
- https://www.triofox.com/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480
Products affected by CVE-2025-12480
-
cpe:2.3:a:gladinet:triofox:15.1.10113.55677
-
cpe:2.3:a:gladinet:triofox:15.11.10288.56231
-
cpe:2.3:a:gladinet:triofox:15.2.10121.55735
-
cpe:2.3:a:gladinet:triofox:15.3.10131.55787
-
cpe:2.3:a:gladinet:triofox:15.4.10136.55827
-
cpe:2.3:a:gladinet:triofox:15.6.10197.55928
-
cpe:2.3:a:gladinet:triofox:15.6.10206.55977
-
cpe:2.3:a:gladinet:triofox:15.7.10211.56005
-
cpe:2.3:a:gladinet:triofox:15.8.10226.56077
-
cpe:2.3:a:gladinet:triofox:15.9.10269.56136
-
cpe:2.3:a:gladinet:triofox:16.1.10296.56315
-
cpe:2.3:a:gladinet:triofox:16.4.10317.56372
-
cpe:2.3:a:gladinet:triofox:16.4.10331.56447