CVE-2025-12480
CRITICAL
2025-11-10
[email protected]
9.1
CVSS 3.1
Share
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Lifecycle Timeline
4
Analysis Generated
Mar 28, 2026 - 19:21 vuln.today
Added to CISA KEV
Nov 14, 2025 - 02:00 cisa
CISA KEV
PoC Detected
Nov 14, 2025 - 02:00 vuln.today
Public exploit code
CVE Published
Nov 10, 2025 - 15:15 nvd
CRITICAL 9.1
Description
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
Analysis
Triofox versions before 16.7.10368.56560 contain an improper access control flaw allowing access to initial setup pages after setup is complete, enabling reconfiguration attacks.
Technical Context
The CWE-284 improper access control fails to disable setup wizard endpoints after initial configuration, allowing attackers to reconfigure the system.
Affected Products
['Triofox before 16.7.10368.56560']
Remediation
Update Triofox. Verify setup pages are inaccessible. Audit admin accounts.
Priority Score
191
Low
Medium
High
Critical
KEV: +50
EPSS: +75.9
CVSS: +46
POC: +20
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).