9.1

CVE-2025-12480

Warnung

Medienbericht

Exploit

EPSS 73.22%
Veröffentlicht 10.11.2025 14:20:40
Zuletzt bearbeitet 14.11.2025 02:00:02
Quelle mandiant-cve@google.com
CVE-Watchlists
Login
Unerledigt
Login

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gladinet ≫ Triofox Version < 16.7.10368.56560

12.11.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Gladinet Triofox Improper Access Control Vulnerability

Schwachstelle

Gladinet Triofox contains an improper access control vulnerability that allows access to initial setup pages even after setup is complete.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	73.22%	0.988

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
mandiant-cve@google.com	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://www.heise.de/news/Angriffe-auf-Watchguard-Firebox-und-Gladinet-Triofox-beobachtet-11076496.html

Medienbericht

heise Security

13.11.2025 09:04

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md

Third Party Advisory

https://www.triofox.com/

Product

https://access.triofox.com/releases_history/

Release Notes

https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480

Third Party Advisory

Exploit

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2025-12480

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-12480

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-12480

EUVD