AI description
CVE-2025-12480 is an improper access control vulnerability affecting Triofox versions prior to 16.7.10368.56560. It allows unauthorized access to the initial setup pages even after the setup is complete. Attackers can bypass authentication and access configuration pages, potentially uploading and executing arbitrary payloads. In one observed case, a threat actor (UNC6485) exploited this vulnerability to create a new admin account and then used the built-in antivirus feature to execute malicious files. To remediate this vulnerability, it is recommended to upgrade to Triofox version 16.7.10368.56560 or later.
- Description
- Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
- Source
- mandiant-cve@google.com
- NVD status
- Analyzed
- Products
- triofox
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Gladinet Triofox Improper Access Control Vulnerability
- Exploit added on
- Nov 12, 2025
- Exploit action due
- Dec 3, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- mandiant-cve@google.com
- CWE-284
- Hype score
- Not currently trending
Noticias: Detección de CVE-2025-12480: Hackers Explotan la Vulnerabilidad de Control de Acceso no Autenticado Ahora Corregida en el Triofox de Gladinet - SOC Prime https://t.co/sB6wftBJnz #ciberseguridad
@Egeneroficial
28 Dec 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ¡Alerta Crítica en Triofox! Explotación activa con privilegios SYSTEM ⚠️🚨 Se ha detectado una vulnerabilidad crítica (CVE-2025-12480) en Triofox (de Gladinet), una solución popular para el acceso remoto a archivos. El fallo es tan grave que ya está siendo explo
@MineryReport
22 Dec 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ¡Alerta Crítica en Triofox! Explotación activa con privilegios SYSTEM ⚠️🚨 Se ha detectado una vulnerabilidad crítica (CVE-2025-12480) en Triofox (de Gladinet), una solución popular para el acceso remoto a archivos. El fallo es tan grave que ya está siendo explo
@MineryReport
22 Dec 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12480: Gladinet Triofox Access Flaw Enables Full SYSTEM Takeover of Exposed Servers #CyberSecurityAwareness #CybersecurityNews Read the article on : https://t.co/yjf4STKXWM https://t.co/mFnE2IpVJk
@WeAreCyberP1
19 Dec 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Our team recently developed an exploit for Gladinet Triofox CVE-2025-12480, closely following the real-world UNC6485 attack pattern @Mandiant wrote about last month. 20+ requests, an AV config trigger, and an embedded PostgreSQL server later: https://t.co/aldM9c4yhD
@catc0n
19 Dec 2025
1784 Impressions
3 Retweets
24 Likes
8 Bookmarks
1 Reply
0 Quotes
#VulnerabilityReport #AuthenticationBypass Critical Triofox Zero-Day (CVE-2025-12480) Under Active Exploit: Host Header Bypass Allows Unauthenticated Admin Takeover https://t.co/687eLwXH5e
@Komodosec
17 Dec 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12480 - Gladinet Triofox vulnerability https://t.co/2LyvzxnQpV https://t.co/HjhiBhxviU
@SirajD_Official
9 Dec 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12480 - Gladinet Triofox vulnerability https://t.co/HEownArSSq https://t.co/WgLlAGVW58
@PhotoZel
8 Dec 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12480 - Gladinet Triofox vulnerability https://t.co/E9dS1xmBAc https://t.co/69hsBJeNCp
@CloudVirtues
7 Dec 2025
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-12480
@transilienceai
22 Nov 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
KEV ALERT: WatchGuard Firebox (CVE-2025-9242) and Gladinet Triofox (CVE-2025-12480) flaws are actively exploited for network access. Patch now. More info in: https://t.co/uE1zEpfVl8 https://t.co/EF1IQrPCbd
@58Consulting
21 Nov 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Bulletin: Triofox (CVE-2025-12480, CVSS 9.1) lets attackers access setup pages and create admin accounts without auth, leading to RCE. Actively exploited – patch to 16.7.10368.56560 now. #ThreatIntel #RedLeggCTI https://t.co/cnswFV6BsT
@RedLegg
14 Nov 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 CVE-2025-12480(CVSS 9.1) — Triofox 비인증 접근 제어 취약점 악용 중 Gladinet Triofox에서 인증 없이 관리자 계정 탈취 → 시스템 권한 RCE까지 이어질 수 있는 치명적 취약점(CVE-2025-12480)이 확인되었습니다. 특히 Host Header
@CriminalIP_KR
14 Nov 2025
39 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 #CISA KEV vulnerability: Triofox Under Active Attack — CVE-2025-12480 N-Day Exploited in the Wild 🔓 Exposed Triofox favicon in Criminal IP: Query ➡️ favicon: -3f6cbb54 https://t.co/T0H3lpbbm5 🛑 Active Exploitation Timeline (per Mandiant)
@CriminalIP_US
14 Nov 2025
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥CVE-2025-12480(CVSS 9.1)— Triofox の未認証アクセス制御脆弱性が悪用中 Gladinet Triofox に、認証不要で管理者アカウントを奪取 → システム権限でのRCEが可能となる重大欠陥 CVE-2025-12480 が確認されています。
@CriminalIP_JP
14 Nov 2025
92 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📢 CISA KEV UPDATE: Three vulnerabilities are now under active attack, including flaws in WatchGuard Firebox (CVE-2025-9242) and Gladinet Triofox (CVE-2025-12480). Federal agencies must patch by Dec 3. All orgs urged to act now! #CISA #KEV #CyberSec... 🔗 https://t.co/W8Kn6s
@NetSecIO
13 Nov 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼ #Exploited #Gladinet: rilevato sfruttamento in rete della CVE-2025-12480 relativa al prodotto #TrioFox Rischio: 🔴 Tipologia: 🔸 Security Restrictions Bypass 🔗 https://t.co/fURr1Q3Spy 👉 Mitigazioni disponibili https://t.co/WH9U8VSqGj
@Vulcanux_
13 Nov 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼ #Exploited #Gladinet: rilevato sfruttamento in rete della CVE-2025-12480 relativa al prodotto #TrioFox Rischio: 🔴 Tipologia: 🔸 Security Restrictions Bypass 🔗 https://t.co/cfK8bLOY0H 👉 Mitigazioni disponibili https://t.co/23PD8m4ZJK
@csirt_it
13 Nov 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 UNC6485 Threat Report [Critical] Nov 13, 2025 This report details the activities of the threat cluster UNC6485, focusing on their exploitation of a Triofox vulnerability (CVE-2025-12480) to gain unauthorized access and deploy malicious payloads. The report includes an... htt
@transilienceai
13 Nov 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに以下を追加。 - WatchGuard FireboxのCVE-2025-9242 - Gladinet TriofoxのCVE-2025-12480 - WindowsのCVE-2025-62215 対処期限は何れも通常の12/3
@__kokumoto
12 Nov 2025
1877 Impressions
0 Retweets
3 Likes
5 Bookmarks
1 Reply
1 Quote
Security Bulletin: Triofox (CVE-2025-12480, CVSS 9.1) lets attackers access setup pages and create admin accounts without auth, leading to RCE. Actively exploited – patch to 16.7.10368.56560 now. #ThreatIntel #RedLeggCTI https://t.co/gmSWY9eKUq
@RedLegg
12 Nov 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New plugin: GladinetPlugin (CVE-2025-11371, CVE-2025-30406, CVE-2025-12480). Gladinet CentreStack/Triofox LFI, RCE, and auth bypass vulnerability detection. Results: https://t.co/l4VMYOgYoQ https://t.co/3p5n4aSA44
@leak_ix
12 Nov 2025
462 Impressions
1 Retweet
4 Likes
3 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-12480 - Triofox Auth Bypass Enables SYSTEM-Level RCE Triofox's file-sharing platform has a brutal authentication bypass (CVE-2025-12480, CVSS 9.1) that UNC6485 actively exploited starting August 24. What's clever: attackers manipulate HTTP host headers to
@the_c_protocol
12 Nov 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/7 🚨 Alert: Triofox CVE-2025-12480 exploited in wild by UNC6485 since Aug '25 unauth remote access + SYSTEM code exec! If you're running file sharing servers, this could be your nightmare. Here's the breakdown for threat hunters. 🧵 #ThreatHunting
@kiranhunter
12 Nov 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨🚨CVE-2025-12480 (CVSS 9.1): Triofox Unauthenticated Access Control Flaw A host header bypass lets attackers take over admin accounts and gain SYSTEM-level RCE — no authentication required. Search by vul.cve Filter👉vul.cve="CVE-2025-12480" ZoomEye Dork👉app="Triofox
@zoomeye_team
12 Nov 2025
1239 Impressions
5 Retweets
6 Likes
2 Bookmarks
1 Reply
0 Quotes
🚨Alert🚨:CVE-2025-12480 (CVSS : 9.1) : Critical Triofox Zero-Day: Host Header Bypass Allows Unauthenticated Admin Takeover 🔥EXP :https://t.co/NCrqDlTQ0q 📊443 Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/WNzQhDnCaK 👇Query HUN
@HunterMapping
12 Nov 2025
1900 Impressions
8 Retweets
25 Likes
6 Bookmarks
0 Replies
0 Quotes
Hackers Exploit Triofox Vulnerability to Gain Remote Access CVE-2025-12480 Under Active Attack 🌐 Website: https://t.co/9oiMoRejfD Follow for more cybersecurity insights: Instagram / X / Facebook / LinkedIn / YouTube. https://t.co/HpC3N8Afxh
@Zoffecinfotech
12 Nov 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerabilidade crítica em Gladinet Triofox permite execução remota de código: Hackers exploraram CVE-2025-12480, que burlar a autenticação via HTTP Host header, para criar admin e executar malware com privilégios SYSTEM; atualização mais recente corrige falha. https://t
@caveiratech
12 Nov 2025
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
TriofoxのAV機能悪用でRCEとSYSTEM権限取得:CVE-2025-12480 https://t.co/aU74KNTpxS #Security #セキュリティー #ニュース
@SecureShield_
12 Nov 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers exploited CVE-2025-12480 in Gladinet’s Triofox, bypassing authentication via spoofed localhost to gain SYSTEM privileges, create admin accounts, and deploy remote access tools using the antivirus feature. #RemoteAccess #SystemCompromise https://t.co/56xsY7Wvj9
@TweetThreatNews
12 Nov 2025
124 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Mandiant Threat Defense recently observed exploitation of CVE-2025-12480, which gives threat actors unauthenticated access on Gladinet’s Triofox platform. Learn about the threat, and get IOCs to defend against it. 📄 Read more: https://t.co/vbg8yHNCTX https://t.co/rThI9APUTu
@Mandiant
11 Nov 2025
6454 Impressions
28 Retweets
86 Likes
17 Bookmarks
0 Replies
2 Quotes
#threatreport #MediumCompleteness No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 | 10-11-2025 Source: https://t.co/BwA7JZJFyR Key details below ↓ 🧑💻Actors/Campaigns: Unc6485 💀Threats: Plink_tool, Zoho_assist_tool, A
@rst_cloud
11 Nov 2025
99 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Active exploit alert: Triofox bug (CVE-2025-12480) lets attackers hijack AV configs to run malicious code. That’s a back door you don’t want. If you use Triofox, patch it now or risk data leaks and access issues. Details: https://t.co/7OQ74dch2s #CyberSecurity #PatchNow
@lowcountrycyber
11 Nov 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-12480 - critical 🚨 Triofox - Improper Access Control > The Gladinet Triofox solution before 12.91.1126.65588 and CentreStack before 12.10.59... 👾 https://t.co/zVvaAo0IDv @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
11 Nov 2025
20 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
We just published our AttackerKB @rapid7 analysis of CVE-2025-12480. Disclosed yesterday, but patch back in July, its an access control bypass affecting not only Gladinet Triofox, but as we show, also Gladinet CentreStack. Analysis & RCE details here: https://t.co/OFuISM4fHn
@stephenfewer
11 Nov 2025
5327 Impressions
15 Retweets
50 Likes
14 Bookmarks
0 Replies
0 Quotes
No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 https://t.co/QYh5e4j3xu
@Dinosn
11 Nov 2025
1597 Impressions
2 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
🔥 𝐂𝐫𝐢𝐭𝐢𝐜𝐚𝐥 𝐓𝐫𝐢𝐨𝐟𝐨𝐱 𝐙𝐞𝐫𝐨-𝐃𝐚𝐲 (𝐂𝐕𝐄-𝟐𝟎𝟐𝟓-𝟏𝟐𝟒𝟖𝟎) 𝐔𝐧𝐝𝐞𝐫 𝐀𝐜𝐭𝐢𝐯𝐞 𝐄𝐱𝐩𝐥𝐨𝐢𝐭: 𝐇𝐨𝐬𝐭 𝐇𝐞𝐚𝐝𝐞𝐫 𝐁𝐲𝐩
@PurpleOps_io
11 Nov 2025
55 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google Mandiant Threat Defense, Gladinet'in Triofox platformundaki CVE-2025-12480 (CVSS 9.1) zafiyetinin n-day exploit edildiğini açıkladı. Bu kritik açık, kimlik doğrulamayı aşarak arbitrary payload yüklenip çalıştırılmasına olanak sağlıyor. https://t.co/RU3A7D
@err_cod
11 Nov 2025
772 Impressions
0 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
Mandiant reports an unauthenticated access vulnerability in Triofox (CVE-2025-12480) allowing attackers to exploit the platform for code execution; users are advised to upgrade to the latest version for security. #Cybersecurity #Vulnerability https://t.co/XrnKOkarLr
@Cyber_O51NT
11 Nov 2025
1110 Impressions
4 Retweets
19 Likes
3 Bookmarks
0 Replies
1 Quote
Triofox脆弱性CVE-2025-12480悪用、AV機能でRAT導入 https://t.co/pAGgc6t3SA #Security #セキュリティー #ニュース
@SecureShield_
11 Nov 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 اكتشفت شركة ماندIANT أن القراصنة يستغلون ثغرة أمنية في منصة Triofox التي تم إصلاحها. تُعرف الثغرة (CVE-2025-12480) بمعدل خطورة 9.1، حيث تسمح للمهاجمين بتجاوز مصادقة
@Cybercachear
10 Nov 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 UNC6485 is weaponizing CVE-2025-12480 (CVSS 9.1). They bypassed Triofox auth, ran setup to create an admin, then pointed the antivirus path at centre_report.bat to run code as SYSTEM. Read ↓ https://t.co/bv26eZ8nqM
@TheHackersNews
10 Nov 2025
12984 Impressions
23 Retweets
85 Likes
15 Bookmarks
0 Replies
1 Quote
No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 https://t.co/Otm7YFiqwy
@MrsYisWhy
10 Nov 2025
31192 Impressions
2 Retweets
38 Likes
20 Bookmarks
0 Replies
1 Quote
[CVE-2025-12480: CRITICAL] Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.#cve,CVE-2025-12480,#cybersecurity https://t.co/cdTdEX4UZ4 https://t.co/O69rKHuDD6
@CveFindCom
10 Nov 2025
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12480 Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete. https://t.co/s3TRIMnZeg
@CVEnew
10 Nov 2025
244 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gladinet:triofox:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85D1B442-0354-472A-9A4C-1417AAE16936",
"versionEndExcluding": "16.7.10368.56560"
}
],
"operator": "OR"
}
]
}
]