CVE-2025-12480

EUVD-2025-44062
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
MandiantCNA
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
gladinettriofox
𝑥
< 16.7.10368.56560
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.triofox.com/releases_history/
https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md
https://www.triofox.com/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480