CVE-2025-12480

Nov. 14, 2025, 2 a.m.

9.1
Critical

Description

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.

Product(s) Impacted

Vendor Product Versions
Gladinet
  • Triofox
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a gladinet triofox / / / / / / / /

References

https://access.triofox.com/releases_history/
https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md
https://www.triofox.com/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480

Tags

CWE-284
mandiant-cve@google.com
2025-11-10
CVE-2025-12480

CVSS Score

9.1 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

    View Vector String

Timeline

Published: Nov. 10, 2025, 3:15 p.m.
Last Modified: Nov. 14, 2025, 2 a.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

mandiant-cve@google.com

Relations

Here is the list of observables linked to the vulnerability CVE-2025-12480 using threat intelligence.

  • UNC6485
  • UNC6485
  • Intellexa
  • Triofox
  • Triofox
  • jRAT - S0283
  • jRAT
  • Predator
  • PREYHUNTER

Linked Attack Reports

Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480

A critical vulnerability in Gladinet's Triofox file-sharing platform, CVE-2025-12480, allowed unauthenticated access to configuration pages, enabling arbitrary payload execution. Threat actor UNC6485 exploited this flaw as early as August 24, 2025, bypassing authentication and chaining it with anti…
remote access
privilege escalation
file-sharing
triofox
unauthenticated access
2025-11-10
CVE-2025-12480
anti-virus abuse
host header attack
Published: November 10, 2025
Linked vulnerabilities : CVE-2025-12480 (CVSS 9.1)
Downloadable IOCs: 7

Prolific Zero-Day Exploits Continue

Despite sanctions, Intellexa continues to operate, developing and selling spyware to various clients. The company has been linked to 15 unique zero-day vulnerabilities since 2021, targeting mobile browsers and operating systems. Their exploit chain, known as 'smack', uses a framework called JSKit f…
ios
surveillance
android
zero-day
spyware
CVE-2024-4610
chrome
CVE-2025-6554
2025-12-04
predator
CVE-2023-41991
CVE-2023-41992
CVE-2023-41993
exploit-chain
CVE-2023-2033
preyhunter
CVE-2023-4762
CVE-2021-37976
CVE-2023-2136
CVE-2023-3079
CVE-2021-37973
CVE-2021-38003
CVE-2021-1048
CVE-2025-48543
CVE-2021-38000
Published: December 4, 2025
Linked vulnerabilities : CVE-2024-4610, CVE-2025-6554 (CVSS 8.1), CVE-2025-12480 (CVSS 9.1), CVE-2025-48543, CVE-2021-1048, CVE-2023-2136, CVE-2021-38003, CVE-2021-37976, CVE-2023-2033, CVE-2023-41993, CVE-2023-41992, CVE-2023-41991, CVE-2023-4762, CVE-2023-3079, CVE-2021-38000, CVE-2021-37973, CVE-2022-42856
Downloadable IOCs: 2

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.