CVE-2025-12480
CRITICAL | CISA KEV | 9.1
Description
Triofox versions prior to 16.7.10368.56560 are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
CVE details
CVSS v3.1 score: 9.1
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 11/10/2025
Last modified: 11/14/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Gladinet
Product: Triofox
Vulnerability name: Gladinet Triofox Improper Access Control Vulnerability
KEV date added: 2025-11-12
Remediation deadline: 2025-12-03
Ransomware use: Unknown
Affected products
gladinet:triofox
Weaknesses (CWE)
CWE-284
References
https://access.triofox.com/releases_history/ (mandiant-cve@google.com)
https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480 (mandiant-cve@google.com)
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md (mandiant-cve@google.com)
https://www.triofox.com/ (mandiant-cve@google.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.