CVE-2025-12480

Published: Nov 10, 2025Modified: Nov 14, 2025CISA KEV

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: mandiant-cve@google.com (Secondary)

Description

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.

Affected (1)

Products: Gladinet: Triofox

Gladinet

1 product

Triofox

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gladinet Triofox	Before 16.7.10368.56560

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (5)

https://access.triofox.com/releases_history/

Source: mandiant-cve@google.com

Release Notes

https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480

Source: mandiant-cve@google.com

ExploitThird Party Advisory

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md

Source: mandiant-cve@google.com

Third Party Advisory

https://www.triofox.com/

Source: mandiant-cve@google.com

Product

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.