Improper Access Control in Triofox by Triofox Technologies
CVE-2025-12480

9.1CRITICAL

Key Information:

Vendor: Triofox
Status: Triofox
Vendor: CVE Published:; 10 November 2025

🔔 Create Triofox Vulnerability Alert

What is CVE-2025-12480?

Versions of Triofox prior to 16.7.10368.56560 are affected by an Improper Access Control vulnerability, which permits users to gain access to initial setup pages even after the setup process is completed. This flaw may allow malicious actors to exploit the system, posing potential risks to sensitive information and operational integrity.

Affected Version(s)

TrioFox 0 < 16.7.10368.56560

References

https://github.com/mandiant/Vulnerability-Disclosures/blo...

third-party-advisory

https://www.triofox.com/

https://access.triofox.com/releases_history/

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2025
Vulnerability Reserved
Oct 29, 2025

Credit

Stallone D’Souza, Mandiant

.

CVE-2025-12480 : Improper Access Control in Triofox by Triofox Technologies