Vulners
Lucene search
Triofox - Improper Access Control
| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
 | CVE-2025-12480 | 10 Nov 202515:19 | – | circl |
 | Gladinet Triofox Improper Access Control Vulnerability | 12 Nov 202500:00 | – | cisa_kev |
 | CISA Adds Three Known Exploited Vulnerabilities to Catalog | 12 Nov 202512:00 | – | cisa |
 | TrioFox 安全漏洞 | 10 Nov 202500:00 | – | cnnvd |
 | CVE-2025-12480 | 10 Nov 202514:20 | – | cve |
 | CVE-2025-12480 | 10 Nov 202514:20 | – | cvelist |
 | EUVD-2025-44062 | 10 Nov 202515:31 | – | euvd |
 | Gladinet Triofox Improper Access Control (CVE-2025-12480) | 24 Nov 202500:00 | – | nessus |
| Gladinet Triofox < 16.7.10368.56560 Improper Access Control | 17 Dec 202500:00 | – | nessus |
 | CVE-2025-12480 | 10 Nov 202515:15 | – | nvd |
10
id: CVE-2025-12480
info:
name: Triofox - Improper Access Control
author: johnk3r,gti
severity: critical
description: |
The Gladinet Triofox solution before 12.91.1126.65588 and CentreStack before 12.10.595.65696 allow unauthenticated access to the /management/admindatabase.aspx endpoint, exposing sensitive database management functionality to anyone with network access. An unauthenticated attacker can remotely access, view, and potentially interact with the database management interface, risking data disclosure or system compromise.
impact: |
Attackers may gain access to sensitive administrative functions of the Triofox database, resulting in unauthorized data access, modification, or potential system compromise.
remediation: |
Upgrade to Triofox 12.91.1126.65588 or CentreStack 12.10.595.65696 and later to resolve this vulnerability and restrict unauthenticated access to the administrative database panel.
reference:
- https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480
- https://attackerkb.com/topics/5C4wRy6hY7/cve-2025-12480/rapid7-analysis
- https://nvd.nist.gov/vuln/detail/CVE-2025-12480
classification:
cve-id: CVE-2025-12480
epss-score: 0.79911
epss-percentile: 0.99128
cwe-id: CWE-306
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:-177043778
fofa-query: icon_hash="-177043778"
tags: cve,cve2025,triofox,unauth,exposure,vkev,kev
http:
- raw:
- |
GET /management/admindatabase.aspx HTTP/1.1
Host: localhost
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Triofox Enterprise'
- 'Manage Database'
- 'Configure Database'
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100b3f0248dc407899572c38d6682ab2162087378ad2fb2d03bc023fa49b1c1508e022100f8209ab7789bfcf527410d1db0c5991bbc7f07fa64331d0cd7d87fab1cfc7033:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
6Medium risk
Vulners AI Score6
CVSS 3.19.1
EPSS0.79911
SSVC