AI description
CVE-2025-12480 is an improper access control vulnerability affecting Triofox versions prior to 16.7.10368.56560. It allows unauthorized access to the initial setup pages even after the setup is complete. Attackers can bypass authentication and access configuration pages, potentially uploading and executing arbitrary payloads. In one observed case, a threat actor (UNC6485) exploited this vulnerability to create a new admin account and then used the built-in antivirus feature to execute malicious files. To remediate this vulnerability, it is recommended to upgrade to Triofox version 16.7.10368.56560 or later.
- Description
- Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
- Source
- mandiant-cve@google.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
- mandiant-cve@google.com
- CWE-284
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
26
🚨 UNC6485 Threat Report [Critical] Nov 13, 2025 This report details the activities of the threat cluster UNC6485, focusing on their exploitation of a Triofox vulnerability (CVE-2025-12480) to gain unauthorized access and deploy malicious payloads. The report includes an... htt
@transilienceai
13 Nov 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Bulletin: Triofox (CVE-2025-12480, CVSS 9.1) lets attackers access setup pages and create admin accounts without auth, leading to RCE. Actively exploited – patch to 16.7.10368.56560 now. #ThreatIntel #RedLeggCTI https://t.co/gmSWY9eKUq
@RedLegg
12 Nov 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New plugin: GladinetPlugin (CVE-2025-11371, CVE-2025-30406, CVE-2025-12480). Gladinet CentreStack/Triofox LFI, RCE, and auth bypass vulnerability detection. Results: https://t.co/l4VMYOgYoQ https://t.co/3p5n4aSA44
@leak_ix
12 Nov 2025
443 Impressions
1 Retweet
3 Likes
3 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-12480 - Triofox Auth Bypass Enables SYSTEM-Level RCE Triofox's file-sharing platform has a brutal authentication bypass (CVE-2025-12480, CVSS 9.1) that UNC6485 actively exploited starting August 24. What's clever: attackers manipulate HTTP host headers to
@the_c_protocol
12 Nov 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/7 🚨 Alert: Triofox CVE-2025-12480 exploited in wild by UNC6485 since Aug '25 unauth remote access + SYSTEM code exec! If you're running file sharing servers, this could be your nightmare. Here's the breakdown for threat hunters. 🧵 #ThreatHunting
@kiranhunter
12 Nov 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨🚨CVE-2025-12480 (CVSS 9.1): Triofox Unauthenticated Access Control Flaw A host header bypass lets attackers take over admin accounts and gain SYSTEM-level RCE — no authentication required. Search by vul.cve Filter👉vul.cve="CVE-2025-12480" ZoomEye Dork👉app="Triofox
@zoomeye_team
12 Nov 2025
1239 Impressions
5 Retweets
6 Likes
2 Bookmarks
1 Reply
0 Quotes
🚨Alert🚨:CVE-2025-12480 (CVSS : 9.1) : Critical Triofox Zero-Day: Host Header Bypass Allows Unauthenticated Admin Takeover 🔥EXP :https://t.co/NCrqDlTQ0q 📊443 Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/WNzQhDnCaK 👇Query HUN
@HunterMapping
12 Nov 2025
1900 Impressions
8 Retweets
25 Likes
6 Bookmarks
0 Replies
0 Quotes
Hackers Exploit Triofox Vulnerability to Gain Remote Access CVE-2025-12480 Under Active Attack 🌐 Website: https://t.co/9oiMoRejfD Follow for more cybersecurity insights: Instagram / X / Facebook / LinkedIn / YouTube. https://t.co/HpC3N8Afxh
@Zoffecinfotech
12 Nov 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerabilidade crítica em Gladinet Triofox permite execução remota de código: Hackers exploraram CVE-2025-12480, que burlar a autenticação via HTTP Host header, para criar admin e executar malware com privilégios SYSTEM; atualização mais recente corrige falha. https://t
@caveiratech
12 Nov 2025
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
TriofoxのAV機能悪用でRCEとSYSTEM権限取得:CVE-2025-12480 https://t.co/aU74KNTpxS #Security #セキュリティー #ニュース
@SecureShield_
12 Nov 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers exploited CVE-2025-12480 in Gladinet’s Triofox, bypassing authentication via spoofed localhost to gain SYSTEM privileges, create admin accounts, and deploy remote access tools using the antivirus feature. #RemoteAccess #SystemCompromise https://t.co/56xsY7Wvj9
@TweetThreatNews
12 Nov 2025
124 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Mandiant Threat Defense recently observed exploitation of CVE-2025-12480, which gives threat actors unauthenticated access on Gladinet’s Triofox platform. Learn about the threat, and get IOCs to defend against it. 📄 Read more: https://t.co/vbg8yHNCTX https://t.co/rThI9APUTu
@Mandiant
11 Nov 2025
6454 Impressions
28 Retweets
86 Likes
17 Bookmarks
0 Replies
2 Quotes
#threatreport #MediumCompleteness No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 | 10-11-2025 Source: https://t.co/BwA7JZJFyR Key details below ↓ 🧑💻Actors/Campaigns: Unc6485 💀Threats: Plink_tool, Zoho_assist_tool, A
@rst_cloud
11 Nov 2025
99 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Active exploit alert: Triofox bug (CVE-2025-12480) lets attackers hijack AV configs to run malicious code. That’s a back door you don’t want. If you use Triofox, patch it now or risk data leaks and access issues. Details: https://t.co/7OQ74dch2s #CyberSecurity #PatchNow
@lowcountrycyber
11 Nov 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-12480 - critical 🚨 Triofox - Improper Access Control > The Gladinet Triofox solution before 12.91.1126.65588 and CentreStack before 12.10.59... 👾 https://t.co/zVvaAo0IDv @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
11 Nov 2025
20 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
We just published our AttackerKB @rapid7 analysis of CVE-2025-12480. Disclosed yesterday, but patch back in July, its an access control bypass affecting not only Gladinet Triofox, but as we show, also Gladinet CentreStack. Analysis & RCE details here: https://t.co/OFuISM4fHn
@stephenfewer
11 Nov 2025
5327 Impressions
15 Retweets
50 Likes
14 Bookmarks
0 Replies
0 Quotes
No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 https://t.co/QYh5e4j3xu
@Dinosn
11 Nov 2025
1597 Impressions
2 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
🔥 𝐂𝐫𝐢𝐭𝐢𝐜𝐚𝐥 𝐓𝐫𝐢𝐨𝐟𝐨𝐱 𝐙𝐞𝐫𝐨-𝐃𝐚𝐲 (𝐂𝐕𝐄-𝟐𝟎𝟐𝟓-𝟏𝟐𝟒𝟖𝟎) 𝐔𝐧𝐝𝐞𝐫 𝐀𝐜𝐭𝐢𝐯𝐞 𝐄𝐱𝐩𝐥𝐨𝐢𝐭: 𝐇𝐨𝐬𝐭 𝐇𝐞𝐚𝐝𝐞𝐫 𝐁𝐲𝐩
@PurpleOps_io
11 Nov 2025
55 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google Mandiant Threat Defense, Gladinet'in Triofox platformundaki CVE-2025-12480 (CVSS 9.1) zafiyetinin n-day exploit edildiğini açıkladı. Bu kritik açık, kimlik doğrulamayı aşarak arbitrary payload yüklenip çalıştırılmasına olanak sağlıyor. https://t.co/RU3A7D
@err_cod
11 Nov 2025
772 Impressions
0 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
Mandiant reports an unauthenticated access vulnerability in Triofox (CVE-2025-12480) allowing attackers to exploit the platform for code execution; users are advised to upgrade to the latest version for security. #Cybersecurity #Vulnerability https://t.co/XrnKOkarLr
@Cyber_O51NT
11 Nov 2025
1110 Impressions
4 Retweets
19 Likes
3 Bookmarks
0 Replies
1 Quote
Triofox脆弱性CVE-2025-12480悪用、AV機能でRAT導入 https://t.co/pAGgc6t3SA #Security #セキュリティー #ニュース
@SecureShield_
11 Nov 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 اكتشفت شركة ماندIANT أن القراصنة يستغلون ثغرة أمنية في منصة Triofox التي تم إصلاحها. تُعرف الثغرة (CVE-2025-12480) بمعدل خطورة 9.1، حيث تسمح للمهاجمين بتجاوز مصادقة
@Cybercachear
10 Nov 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 UNC6485 is weaponizing CVE-2025-12480 (CVSS 9.1). They bypassed Triofox auth, ran setup to create an admin, then pointed the antivirus path at centre_report.bat to run code as SYSTEM. Read ↓ https://t.co/bv26eZ8nqM
@TheHackersNews
10 Nov 2025
12984 Impressions
23 Retweets
85 Likes
15 Bookmarks
0 Replies
1 Quote
No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 https://t.co/Otm7YFiqwy
@MrsYisWhy
10 Nov 2025
31192 Impressions
2 Retweets
38 Likes
20 Bookmarks
0 Replies
1 Quote
[CVE-2025-12480: CRITICAL] Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.#cve,CVE-2025-12480,#cybersecurity https://t.co/cdTdEX4UZ4 https://t.co/O69rKHuDD6
@CveFindCom
10 Nov 2025
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12480 Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete. https://t.co/s3TRIMnZeg
@CVEnew
10 Nov 2025
244 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes