CVE-2025-12480

Critical KEV CVSS: 9.1

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.

Vendor

Gladinet

Product

Triofox

CWE

CWE-284

Yayın Tarihi

2025-11-10 15:15:36

Güncelleme

2025-11-14 02:00:02

Source Identifier

mandiant-cve@google.com

KEV Date Added

2025-11-12

Kategoriler

CWE-284 Triofox CRITICAL Gladinet 2025

Referanslar

https://access.triofox.com/releases_history/ https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md https://www.triofox.com/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480

Benzer Kayıtlar

High

CVE-2025-14611

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of th…

High

CVE-2025-11371

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local Fil…

Critical

CVE-2025-30406

Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the…