id: CVE-2025-12480

info:
  name: Triofox - Improper Access Control
  author: johnk3r,gti
  severity: critical
  description: |
    The Gladinet Triofox solution before 12.91.1126.65588 and CentreStack before 12.10.595.65696 allow unauthenticated access to the /management/admindatabase.aspx endpoint, exposing sensitive database management functionality to anyone with network access. An unauthenticated attacker can remotely access, view, and potentially interact with the database management interface, risking data disclosure or system compromise.
  impact: |
    Attackers may gain access to sensitive administrative functions of the Triofox database, resulting in unauthorized data access, modification, or potential system compromise.
  remediation: |
    Upgrade to Triofox 12.91.1126.65588 or CentreStack 12.10.595.65696 and later to resolve this vulnerability and restrict unauthenticated access to the administrative database panel.
  reference:
    - https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480
    - https://attackerkb.com/topics/5C4wRy6hY7/cve-2025-12480/rapid7-analysis
    - https://nvd.nist.gov/vuln/detail/CVE-2025-12480
  classification:
    cve-id: CVE-2025-12480
    epss-score: 0.79911
    epss-percentile: 0.99133
    cwe-id: CWE-306
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:-177043778
    fofa-query: icon_hash="-177043778"
  tags: cve,cve2025,triofox,unauth,exposure,vkev,kev

http:
  - raw:
      - |
        GET /management/admindatabase.aspx HTTP/1.1
        Host: localhost

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Triofox Enterprise'
          - 'Manage Database'
          - 'Configure Database'
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402206ec9ff4fb133079dadd9cf374ffeaca5d9ffddbc2b7b3bfee7334e151af48e3202206a7d73b3f5dd2a11619a840ab0ebd8b7504b541ec4fd2c9b01862f20807f363f:922c64590222798bb761d5b6d8e72950