CVE-2025-12480

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
MandiantCNA
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
gladinettriofox
𝑥
< 16.7.10368.56560
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.triofox.com/releases_history/
https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md
https://www.triofox.com/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480