
Triofox - Improper Access Control

CVE-2025-12480
Verified

Description

The Gladinet Triofox solution before 12.91.1126.65588 and CentreStack before 12.10.595.65696 allow unauthenticated access to the /management/admindatabase.aspx endpoint, exposing sensitive database management functionality to anyone with network access. An unauthenticated attacker can remotely access, view, and potentially interact with the database management interface, risking data disclosure or system compromise.

Severity

Critical

CVSS Score

9.8

Exploit Probability

80%

Published Date

November 11, 2025

Template Author

johnk3r, gti

CVE-2025-12480.yaml
id: CVE-2025-12480

info:
  name: Triofox - Improper Access Control
  author: johnk3r,gti
  severity: critical
  description: |
    The Gladinet Triofox solution before 12.91.1126.65588 and CentreStack before 12.10.595.65696 allow unauthenticated access to the /management/admindatabase.aspx endpoint, exposing sensitive database management functionality to anyone with network access. An unauthenticated attacker can remotely access, view, and potentially interact with the database management interface, risking data disclosure or system compromise.
  impact: |
    Attackers may gain access to sensitive administrative functions of the Triofox database, resulting in unauthorized data access, modification, or potential system compromise.
  remediation: |
    Upgrade to Triofox 12.91.1126.65588 or CentreStack 12.10.595.65696 and later to resolve this vulnerability and restrict unauthenticated access to the administrative database panel.
  reference:
    - https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480
    - https://attackerkb.com/topics/5C4wRy6hY7/cve-2025-12480/rapid7-analysis
    - https://nvd.nist.gov/vuln/detail/CVE-2025-12480
  classification:
    cve-id: CVE-2025-12480
    epss-score: 0.79911
    epss-percentile: 0.99124
    cwe-id: CWE-306
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:-177043778
    fofa-query: icon_hash="-177043778"
  tags: cve,cve2025,triofox,unauth,exposure,vkev,kev

http:
  - raw:
      - |
        GET /management/admindatabase.aspx HTTP/1.1
        Host: localhost

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Triofox Enterprise'
          - 'Manage Database'
          - 'Configure Database'
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402203b31640da923f6c405e7829021156e554f3882e5317e06f36f41e079685f950f02200c3ca7de23ff263f7ae1ca7b0799ecc2673d7c1da021535fa9fe58cc4032b3e5:922c64590222798bb761d5b6d8e72950

CVSS Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID: CVE-2025-12480
CWE ID: CWE-306

References

https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480
https://attackerkb.com/topics/5C4wRy6hY7/cve-2025-12480/rapid7-analysis
https://nvd.nist.gov/vuln/detail/CVE-2025-12480

Remediation Steps

Upgrade to Triofox 12.91.1126.65588 or CentreStack 12.10.595.65696 and later to resolve this vulnerability and restrict unauthenticated access to the administrative database panel.
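Added example for the remediation check above (not code from the template authors or from Gladinet): an inventory helper that decides whether an installed Triofox or CentreStack build is still below the fixed version. It assumes the product reports its version as the dotted numeric build string used in the advisory.

```python
"""Flag Triofox / CentreStack builds that predate the CVE-2025-12480 fix.

Added example, not part of the Nuclei template. Assumes version strings are
dotted numeric builds such as '12.91.1126.65588'.
"""
from typing import Tuple

# Fixed builds named in the advisory; any numerically lower build is affected.
FIXED_BUILDS = {
    "triofox": "12.91.1126.65588",
    "centrestack": "12.10.595.65696",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '12.91.1126.65588' into (12, 91, 1126, 65588).

    Integer tuples avoid the string-comparison trap where '12.9' sorts
    after '12.10' because the character '9' is greater than '1'.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(product: str, version: str) -> bool:
    """True when the installed build is below the fixed build for the product."""
    key = product.strip().lower()
    if key not in FIXED_BUILDS:
        raise ValueError(f"unknown product {product!r}; expected {sorted(FIXED_BUILDS)}")
    installed = parse_version(version)
    fixed = parse_version(FIXED_BUILDS[key])
    # Pad the shorter tuple with zeros so '12.91' compares like '12.91.0.0'.
    width = max(len(installed), len(fixed))
    installed += (0,) * (width - len(installed))
    fixed += (0,) * (width - len(fixed))
    return installed < fixed


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("Triofox", "12.91.1126.65588"),    # the fixed build itself
        ("Triofox", "12.91.1126.65587"),    # one build below the fix
        ("CentreStack", "12.10.595.65696"),
        ("CentreStack", "12.9.0.0"),        # naive string compare would call this "fixed"
    ]
    for product, version in inventory:
        state = "VULNERABLE" if is_vulnerable(product, version) else "fixed"
        print(f"{product} {version}: {state}")
```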