CVE-2025-12480 · CRITICAL 9.1 · CISA KEV · EPSS p99.8%

CVE-2025-12480: Gladinet Triofox Improper Access Control Vulnerability

Gladinet / Triofox

Description

Gladinet Triofox contains an improper access control vulnerability that allows access to initial setup pages even after setup is complete.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 90.35% probability of exploitation · percentile 99.8% · 2026-06-17T12:03:21Z
Published: 2025-11-10
Last modified: 2025-11-14

CISA KEV entry

Added to KEV: 2025-11-12

Underlying weaknesses · 1

CWE-284

References

  1. https://access.triofox.com/releases_history/
  2. https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480
  3. https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md
  4. https://www.triofox.com/
  5. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480

1

Type | Target | Confidence | Tier
Weakness | Improper Access Control (cwe-284) | 0% | live

(incoming) · 1

Type | Target | Confidence | Tier
KEVEntry | Gladinet Triofox Improper Access Control Vulnerability (kev-cve-2025-12480) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
CVE: Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability
CVE: Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability
CVE: CVE-2025-28202
CVE: CVE-2026-1633
CVE: CVE-2025-3719

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.