CVE-2025-12480_CVE-2025-12480

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.

AI Analysis

Improper Access Control vulnerability in Triofox, allowing access to initial setup pages after setup is complete.

Basic Information

ID CVE-2025-12480

Source Mandiant

Published Nov 10, 2025 at 14:20

Modified Nov 10, 2025 at 15:28

Affected Product

Vendor TrioFox

Product TrioFox

Affected Versions TrioFox TrioFox 0

CWE Classification

CWE-284

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor TrioFox

Product Triofox

Version prior to 16.7.10368.56560

References

{
    "lastseen": "",
    "description": "Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.",
    "published": "2025-11-10T14:20:40.677Z",
    "modified": "2025-11-10T15:28:21.167Z",
    "type": "cve",
    "title": "CVE-2025-12480",
    "source": "Mandiant",
    "references": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md\nhttps://www.triofox.com/\nhttps://access.triofox.com/releases_history/\nhttps://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480",
    "id": "CVE-2025-12480",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "TrioFox TrioFox 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TrioFox",
    "version": "0",
    "vendor": "TrioFox",
    "ai_description": "Improper Access Control vulnerability in Triofox, allowing access to initial setup pages after setup is complete.",
    "ai_severity": "Critical",
    "ai_vendor": "TrioFox",
    "ai_product": "Triofox",
    "ai_version": "prior to 16.7.10368.56560",
    "ai_score": 9.1
}