A critical vulnerability in Gladinet's Triofox, tracked as CVE-2025-12480, has been actively exploited by attackers, prompting urgent action from security teams. The flaw, which affects Triofox versions prior to 16.7.10368.56560, is an improper access control issue that allows unauthorized access to initial setup pages even after the setup process is complete. This vulnerability has been assigned a CVSS score of 9.1, reflecting its severity, and has been listed in the Known Exploited Vulnerabilities (KEV) catalog as of November 12, 2025.
The vulnerability was disclosed on November 10, 2025, and within just 1.4 days, it was being exploited in the wild, underscoring the rapid pace at which attackers are able to leverage newly discovered flaws. The Exploit Prediction Scoring System (EPSS) has rated this vulnerability at 0.783, indicating a high likelihood of exploitation.
Triofox, a platform designed to facilitate secure file sharing and collaboration, is widely used by enterprises seeking to enhance their cloud storage capabilities. The improper access control flaw, identified as CWE-284, compromises the security of these systems by allowing attackers to bypass authentication mechanisms and gain unauthorized access to sensitive setup configurations.
Security researchers have confirmed that the vulnerability has been patched, and users are strongly advised to update to the latest version of Triofox to mitigate the risk of exploitation. The urgency of this update is highlighted by the Security Severity Vulnerability Classification (SSVC) which categorizes this issue as 'act', indicating immediate action is required.
Organizations using Triofox should prioritize this patch and review their systems for any signs of compromise. Given the speed at which this vulnerability was exploited, it is crucial for security teams to remain vigilant and ensure that all systems are updated promptly. Additionally, monitoring for unusual access patterns and reviewing access logs can help identify any unauthorized attempts to exploit this vulnerability.
As attackers continue to exploit vulnerabilities shortly after disclosure, maintaining a proactive patch management strategy and staying informed about newly disclosed vulnerabilities is essential for protecting enterprise systems from potential breaches.
CSURFACE