Vulnerability Description
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
CVSS Score
9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gladinet | Triofox | < 16.7.10368.56560 |
Related Weaknesses (CWE)
References
- https://access.triofox.com/releases_history/Release Notes
- https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cExploitThird Party Advisory
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025Third Party Advisory
- https://www.triofox.com/Product
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-US Government Resource
FAQ
What is CVE-2025-12480?
CVE-2025-12480 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
How severe is CVE-2025-12480?
CVE-2025-12480 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-12480?
Check the references section above for vendor advisories and patch information. Affected products include: Gladinet Triofox.