Improper Access Control in Triofox by Triofox Technologies
CVE-2025-12480
What is CVE-2025-12480?
CVE-2025-12480 is a vulnerability affecting Triofox, a secure file sharing and collaboration platform developed by Triofox Technologies. This vulnerability stems from improper access control within the software, which allows users to access initial setup pages even after the setup process has been completed. Such unauthorized access can provide opportunities for attackers to manipulate or alter configurations and settings that should be restricted after initial installation. Given that Triofox is intended to facilitate secure file sharing, this flaw presents a serious risk to organizations relying on the platform for sensitive data management and collaboration, potentially leading to unauthorized data exposure and compromise.
Potential impact of CVE-2025-12480
- Unauthorized Access: Users, including potential attackers, could gain access to sensitive configuration settings or management features, undermining the integrity of the system's security posture and enabling misuse of the platform.
- Data Breach Risk: With access to the setup pages, unauthorized users could manipulate file sharing permissions or expose sensitive files, increasing the likelihood of data breaches that can have significant legal and financial repercussions for organizations.
- Operational Disruption: The ability to change configurations or system settings may lead to unintended operational disruptions, impairing the organization's ability to use the Triofox platform effectively, resulting in loss of productivity and potential downtime.
CISA has reported CVE-2025-12480
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-12480 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Triofox, all versions prior to 16.7.10368.56560
News Articles
Week in review: Windows kernel flaw patched, suspected Fortinet FortiWeb zero-day exploited - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Adopting a counterintelligence mindset in luxury
3 weeks ago
Triofox Antivirus Exploited to Install Remote Access Components
Learn about the critical vulnerability CVE-2025-12480 in Gladinet Triofox and how to protect yourself from hacker attacks that exploit this security flaw.
3 weeks ago
EPSS Score
70% chance of being exploited in the next 30 days.
Timeline
- 💰 Used in Ransomware
- 🥇 Vulnerability reached the number 1 worldwide trending spot
- 🦅 CISA Reported
- 📈 Vulnerability started trending
- 👾 Exploit known to exist
- 📰 First article discovered by Google Cloud
- Vulnerability published
- Vulnerability reserved
