CVE-2025-12480

CriticalKnown Exploited

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages…

Mandiant·CWE-284·Published 2025-11-10

CVSS

9.1

EPSS

0.90

KEV

Yes

Exploits

Attributed to:UNC6485

cve.orgen

165 chars

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.

NVDen

165 chars

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.1	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
3.1	Secondary	NVD	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2025-12480

CVSS metrics across sources