CVE-2025-12480
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TrioFox | TrioFox | 0 < 16.7.10368.56560 | affected |
Weaknesses
- CWE-284: CWE-284: Improper Access Control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
References
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md
- https://www.triofox.com/
- https://access.triofox.com/releases_history/
- https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.