CVE-2025-12480
In short
Triofox versions before 16.7.10368.56560 have a flaw that allows attackers to access the initial setup pages even after installation is finished. This is dangerous because setup pages typically contain sensitive configuration options and administrative functions that should only be available during installation.
Technical detail
An improper access control vulnerability (CWE-284) in Triofox allows unauthenticated or unauthorized users to bypass access restrictions and reach initial setup interfaces post-deployment. This enables attackers to reconfigure system settings, modify administrative credentials, or extract sensitive configuration data without requiring valid authentication credentials.
Summary generated and translated by AI from the official description.
Triofox versions prior to 16.7.10368.56560 are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
TrioFox · TrioFox
References
https://access.triofox.com/releases_history/
https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480
https://www.triofox.com/