CVE-2025-12480
CRITICAL | KEV | NUCLEI
Triofox < 16.7.10368.56560 - Improper Access Control via Initial Setup Pages
Title source: llm
Exploitation Summary
CVE-2025-12480 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 12, 2025. A Nuclei detection template is also available.
Description
Triofox versions prior to 16.7.10368.56560 are vulnerable to an Improper Access Control flaw that allows access to the initial setup pages even after setup is complete.
Nuclei Templates (1)
Triofox - Improper Access Control
CRITICAL | VERIFIED | by johnk3r, gti
Shodan:
http.favicon.hash:-177043778
FOFA:
icon_hash="-177043778"
References (5)
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-12480
Product
https://www.triofox.com/
Third Party Advisory
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0008.md
Release Notes
https://access.triofox.com/releases_history/
Exploit, Third Party Advisory
https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480
Scores
CVSS v3: 9.1
EPSS: 0.7991
EPSS Percentile: 99.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: yes
Technical Impact: total
Details
CISA KEV: 2025-11-12
VulnCheck KEV: 2025-11-10
ENISA EUVD: EUVD-2025-44062
CWE: CWE-284
Status: published
Products (1)
gladinet/triofox < 16.7.10368.56560
Published: Nov 10, 2025
KEV Added: Nov 12, 2025
Tracked Since: Feb 18, 2026