- Description
- Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
- Source
- mandiant-cve@google.com
- NVD status
- Analyzed
- Products
- triofox
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Gladinet Triofox Improper Access Control Vulnerability
- Exploit added on
- Nov 12, 2025
- Exploit action due
- Dec 3, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- mandiant-cve@google.com
- CWE-284
- Hype score
- Not currently trending
Join @VulnCheckAI on January 28 (1 PM ET) for tales from the exploit mines! Our initial access team will do a deep dive on developing an exploit for Gladinet Triofox CVE-2025-12480. Register: https://t.co/ydeT4kEopO
@catc0n
23 Jan 2026
278 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Noticias: Detección de CVE-2025-12480: Hackers Explotan la Vulnerabilidad de Control de Acceso no Autenticado Ahora Corregida en el Triofox de Gladinet - SOC Prime https://t.co/sB6wftBJnz #ciberseguridad
@Egeneroficial
28 Dec 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ¡Alerta Crítica en Triofox! Explotación activa con privilegios SYSTEM ⚠️🚨 Se ha detectado una vulnerabilidad crítica (CVE-2025-12480) en Triofox (de Gladinet), una solución popular para el acceso remoto a archivos. El fallo es tan grave que ya está siendo explo
@MineryReport
22 Dec 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ¡Alerta Crítica en Triofox! Explotación activa con privilegios SYSTEM ⚠️🚨 Se ha detectado una vulnerabilidad crítica (CVE-2025-12480) en Triofox (de Gladinet), una solución popular para el acceso remoto a archivos. El fallo es tan grave que ya está siendo explo
@MineryReport
22 Dec 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12480: Gladinet Triofox Access Flaw Enables Full SYSTEM Takeover of Exposed Servers #CyberSecurityAwareness #CybersecurityNews Read the article on : https://t.co/yjf4STKXWM https://t.co/mFnE2IpVJk
@WeAreCyberP1
19 Dec 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Our team recently developed an exploit for Gladinet Triofox CVE-2025-12480, closely following the real-world UNC6485 attack pattern @Mandiant wrote about last month. 20+ requests, an AV config trigger, and an embedded PostgreSQL server later: https://t.co/aldM9c4yhD
@catc0n
19 Dec 2025
1784 Impressions
3 Retweets
24 Likes
8 Bookmarks
1 Reply
0 Quotes
#VulnerabilityReport #AuthenticationBypass Critical Triofox Zero-Day (CVE-2025-12480) Under Active Exploit: Host Header Bypass Allows Unauthenticated Admin Takeover https://t.co/687eLwXH5e
@Komodosec
17 Dec 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12480 - Gladinet Triofox vulnerability https://t.co/2LyvzxnQpV https://t.co/HjhiBhxviU
@SirajD_Official
9 Dec 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12480 - Gladinet Triofox vulnerability https://t.co/HEownArSSq https://t.co/WgLlAGVW58
@PhotoZel
8 Dec 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12480 - Gladinet Triofox vulnerability https://t.co/E9dS1xmBAc https://t.co/69hsBJeNCp
@CloudVirtues
7 Dec 2025
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-12480
@transilienceai
22 Nov 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
KEV ALERT: WatchGuard Firebox (CVE-2025-9242) and Gladinet Triofox (CVE-2025-12480) flaws are actively exploited for network access. Patch now. More info in: https://t.co/uE1zEpfVl8 https://t.co/EF1IQrPCbd
@58Consulting
21 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Bulletin: Triofox (CVE-2025-12480, CVSS 9.1) lets attackers access setup pages and create admin accounts without auth, leading to RCE. Actively exploited – patch to 16.7.10368.56560 now. #ThreatIntel #RedLeggCTI https://t.co/cnswFV6BsT
@RedLegg
14 Nov 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 CVE-2025-12480(CVSS 9.1) — Triofox 비인증 접근 제어 취약점 악용 중 Gladinet Triofox에서 인증 없이 관리자 계정 탈취 → 시스템 권한 RCE까지 이어질 수 있는 치명적 취약점(CVE-2025-12480)이 확인되었습니다. 특히 Host Header
@CriminalIP_KR
14 Nov 2025
39 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔥CVE-2025-12480(CVSS 9.1)— Triofox の未認証アクセス制御脆弱性が悪用中 Gladinet Triofox に、認証不要で管理者アカウントを奪取 → システム権限でのRCEが可能となる重大欠陥 CVE-2025-12480 が確認されています。
@CriminalIP_JP
14 Nov 2025
92 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 #CISA KEV vulnerability: Triofox Under Active Attack — CVE-2025-12480 N-Day Exploited in the Wild 🔓 Exposed Triofox favicon in Criminal IP: Query ➡️ favicon: -3f6cbb54 https://t.co/T0H3lpbbm5 🛑 Active Exploitation Timeline (per Mandiant)
@CriminalIP_US
14 Nov 2025
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 CISA KEV UPDATE: Three vulnerabilities are now under active attack, including flaws in WatchGuard Firebox (CVE-2025-9242) and Gladinet Triofox (CVE-2025-12480). Federal agencies must patch by Dec 3. All orgs urged to act now! #CISA #KEV #CyberSec... 🔗 https://t.co/W8Kn6s
@NetSecIO
13 Nov 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼ #Exploited #Gladinet: rilevato sfruttamento in rete della CVE-2025-12480 relativa al prodotto #TrioFox Rischio: 🔴 Tipologia: 🔸 Security Restrictions Bypass 🔗 https://t.co/fURr1Q3Spy 👉 Mitigazioni disponibili https://t.co/WH9U8VSqGj
@Vulcanux_
13 Nov 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼ #Exploited #Gladinet: rilevato sfruttamento in rete della CVE-2025-12480 relativa al prodotto #TrioFox Rischio: 🔴 Tipologia: 🔸 Security Restrictions Bypass 🔗 https://t.co/cfK8bLOY0H 👉 Mitigazioni disponibili https://t.co/23PD8m4ZJK
@csirt_it
13 Nov 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 UNC6485 Threat Report [Critical] Nov 13, 2025 This report details the activities of the threat cluster UNC6485, focusing on their exploitation of a Triofox vulnerability (CVE-2025-12480) to gain unauthorized access and deploy malicious payloads. The report includes an... htt
@transilienceai
13 Nov 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに以下を追加。 - WatchGuard FireboxのCVE-2025-9242 - Gladinet TriofoxのCVE-2025-12480 - WindowsのCVE-2025-62215 対処期限は何れも通常の12/3
@__kokumoto
12 Nov 2025
1877 Impressions
0 Retweets
3 Likes
5 Bookmarks
1 Reply
1 Quote
Security Bulletin: Triofox (CVE-2025-12480, CVSS 9.1) lets attackers access setup pages and create admin accounts without auth, leading to RCE. Actively exploited – patch to 16.7.10368.56560 now. #ThreatIntel #RedLeggCTI https://t.co/gmSWY9eKUq
@RedLegg
12 Nov 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New plugin: GladinetPlugin (CVE-2025-11371, CVE-2025-30406, CVE-2025-12480). Gladinet CentreStack/Triofox LFI, RCE, and auth bypass vulnerability detection. Results: https://t.co/l4VMYOgYoQ https://t.co/3p5n4aSA44
@leak_ix
12 Nov 2025
462 Impressions
1 Retweet
4 Likes
3 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-12480 - Triofox Auth Bypass Enables SYSTEM-Level RCE Triofox's file-sharing platform has a brutal authentication bypass (CVE-2025-12480, CVSS 9.1) that UNC6485 actively exploited starting August 24. What's clever: attackers manipulate HTTP host headers to
@the_c_protocol
12 Nov 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/7 🚨 Alert: Triofox CVE-2025-12480 exploited in wild by UNC6485 since Aug '25 unauth remote access + SYSTEM code exec! If you're running file sharing servers, this could be your nightmare. Here's the breakdown for threat hunters. 🧵 #ThreatHunting
@kiranhunter
12 Nov 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨🚨CVE-2025-12480 (CVSS 9.1): Triofox Unauthenticated Access Control Flaw A host header bypass lets attackers take over admin accounts and gain SYSTEM-level RCE — no authentication required. Search by vul.cve Filter👉vul.cve="CVE-2025-12480" ZoomEye Dork👉app="Triofox
@zoomeye_team
12 Nov 2025
1239 Impressions
5 Retweets
6 Likes
2 Bookmarks
1 Reply
0 Quotes
🚨Alert🚨:CVE-2025-12480 (CVSS : 9.1) : Critical Triofox Zero-Day: Host Header Bypass Allows Unauthenticated Admin Takeover 🔥EXP :https://t.co/NCrqDlTQ0q 📊443 Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/WNzQhDnCaK 👇Query HUN
@HunterMapping
12 Nov 2025
1900 Impressions
8 Retweets
25 Likes
6 Bookmarks
0 Replies
0 Quotes
Hackers Exploit Triofox Vulnerability to Gain Remote Access CVE-2025-12480 Under Active Attack 🌐 Website: https://t.co/9oiMoRejfD Follow for more cybersecurity insights: Instagram / X / Facebook / LinkedIn / YouTube. https://t.co/HpC3N8Afxh
@Zoffecinfotech
12 Nov 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerabilidade crítica em Gladinet Triofox permite execução remota de código: Hackers exploraram CVE-2025-12480, que burlar a autenticação via HTTP Host header, para criar admin e executar malware com privilégios SYSTEM; atualização mais recente corrige falha. https://t
@caveiratech
12 Nov 2025
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
TriofoxのAV機能悪用でRCEとSYSTEM権限取得:CVE-2025-12480 https://t.co/aU74KNTpxS #Security #セキュリティー #ニュース
@SecureShield_
12 Nov 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers exploited CVE-2025-12480 in Gladinet’s Triofox, bypassing authentication via spoofed localhost to gain SYSTEM privileges, create admin accounts, and deploy remote access tools using the antivirus feature. #RemoteAccess #SystemCompromise https://t.co/56xsY7Wvj9
@TweetThreatNews
12 Nov 2025
124 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Mandiant Threat Defense recently observed exploitation of CVE-2025-12480, which gives threat actors unauthenticated access on Gladinet’s Triofox platform. Learn about the threat, and get IOCs to defend against it. 📄 Read more: https://t.co/vbg8yHNCTX https://t.co/rThI9APUTu
@Mandiant
11 Nov 2025
6454 Impressions
28 Retweets
86 Likes
17 Bookmarks
0 Replies
2 Quotes
#threatreport #MediumCompleteness No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 | 10-11-2025 Source: https://t.co/BwA7JZJFyR Key details below ↓ 🧑💻Actors/Campaigns: Unc6485 💀Threats: Plink_tool, Zoho_assist_tool, A
@rst_cloud
11 Nov 2025
99 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Active exploit alert: Triofox bug (CVE-2025-12480) lets attackers hijack AV configs to run malicious code. That’s a back door you don’t want. If you use Triofox, patch it now or risk data leaks and access issues. Details: https://t.co/7OQ74dch2s #CyberSecurity #PatchNow
@lowcountrycyber
11 Nov 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-12480 - critical 🚨 Triofox - Improper Access Control > The Gladinet Triofox solution before 12.91.1126.65588 and CentreStack before 12.10.59... 👾 https://t.co/zVvaAo0IDv @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
11 Nov 2025
20 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
We just published our AttackerKB @rapid7 analysis of CVE-2025-12480. Disclosed yesterday, but patch back in July, its an access control bypass affecting not only Gladinet Triofox, but as we show, also Gladinet CentreStack. Analysis & RCE details here: https://t.co/OFuISM4fHn
@stephenfewer
11 Nov 2025
5327 Impressions
15 Retweets
50 Likes
14 Bookmarks
0 Replies
0 Quotes
No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 https://t.co/QYh5e4j3xu
@Dinosn
11 Nov 2025
1597 Impressions
2 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
🔥 𝐂𝐫𝐢𝐭𝐢𝐜𝐚𝐥 𝐓𝐫𝐢𝐨𝐟𝐨𝐱 𝐙𝐞𝐫𝐨-𝐃𝐚𝐲 (𝐂𝐕𝐄-𝟐𝟎𝟐𝟓-𝟏𝟐𝟒𝟖𝟎) 𝐔𝐧𝐝𝐞𝐫 𝐀𝐜𝐭𝐢𝐯𝐞 𝐄𝐱𝐩𝐥𝐨𝐢𝐭: 𝐇𝐨𝐬𝐭 𝐇𝐞𝐚𝐝𝐞𝐫 𝐁𝐲𝐩
@PurpleOps_io
11 Nov 2025
55 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google Mandiant Threat Defense, Gladinet'in Triofox platformundaki CVE-2025-12480 (CVSS 9.1) zafiyetinin n-day exploit edildiğini açıkladı. Bu kritik açık, kimlik doğrulamayı aşarak arbitrary payload yüklenip çalıştırılmasına olanak sağlıyor. https://t.co/RU3A7D
@err_cod
11 Nov 2025
772 Impressions
0 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
Mandiant reports an unauthenticated access vulnerability in Triofox (CVE-2025-12480) allowing attackers to exploit the platform for code execution; users are advised to upgrade to the latest version for security. #Cybersecurity #Vulnerability https://t.co/XrnKOkarLr
@Cyber_O51NT
11 Nov 2025
1110 Impressions
4 Retweets
19 Likes
3 Bookmarks
0 Replies
1 Quote
Triofox脆弱性CVE-2025-12480悪用、AV機能でRAT導入 https://t.co/pAGgc6t3SA #Security #セキュリティー #ニュース
@SecureShield_
11 Nov 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 اكتشفت شركة ماندIANT أن القراصنة يستغلون ثغرة أمنية في منصة Triofox التي تم إصلاحها. تُعرف الثغرة (CVE-2025-12480) بمعدل خطورة 9.1، حيث تسمح للمهاجمين بتجاوز مصادقة
@Cybercachear
10 Nov 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 UNC6485 is weaponizing CVE-2025-12480 (CVSS 9.1). They bypassed Triofox auth, ran setup to create an admin, then pointed the antivirus path at centre_report.bat to run code as SYSTEM. Read ↓ https://t.co/bv26eZ8nqM
@TheHackersNews
10 Nov 2025
12984 Impressions
23 Retweets
85 Likes
15 Bookmarks
0 Replies
1 Quote
No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 https://t.co/Otm7YFiqwy
@MrsYisWhy
10 Nov 2025
31192 Impressions
2 Retweets
38 Likes
20 Bookmarks
0 Replies
1 Quote
[CVE-2025-12480: CRITICAL] Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.#cve,CVE-2025-12480,#cybersecurity https://t.co/cdTdEX4UZ4 https://t.co/O69rKHuDD6
@CveFindCom
10 Nov 2025
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12480 Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete. https://t.co/s3TRIMnZeg
@CVEnew
10 Nov 2025
244 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gladinet:triofox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D1B442-0354-472A-9A4C-1417AAE16936",
"versionEndExcluding": "16.7.10368.56560",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]