Detections
Analytics
Gladinet Triofox < 16.7.10368.56560 Improper Access Control
critical Web App Scanning Plugin ID 115076
Language:
Synopsis
Gladinet Triofox < 16.7.10368.56560 Improper Access ControlDescription
Gladinet Triofox version prior to 16.7.10368.56560 are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.Solution
Update to Gladinet Triofox version 16.7.10368.56560 or latest.See Also
https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480
Plugin Details
Severity: Critical
ID: 115076
Type: remote
Family: Component Vulnerability
Published: 12/17/2025
Updated: 12/17/2025
Scan Template: basic, full, pci, scan
Risk Information
VPR
Risk Factor: High
Score: 7.7
CVSS v2
Risk Factor: High
Base Score: 9.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N
CVSS Score Source: CVE-2025-12480
CVSS v3
Risk Factor: Critical
Base Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS Score Source: CVE-2025-12480
Vulnerability Information
CPE: cpe:2.3:a:gladinet:triofox:*:*:*:*:*:*:*:*
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/26/2025
Vulnerability Publication Date: 11/9/2025
CISA Known Exploited Vulnerability Due Dates: 12/3/2025
Reference Information
CVE: CVE-2025-12480
CWE: 284
OWASP: 2010-A8, 2013-A7, 2013-A9, 2017-A5, 2017-A9, 2021-A1, 2021-A6
WASC: Insufficient Authorization
CAPEC: 19, 441, 478, 479, 502, 503, 536, 546, 550, 551, 552, 556, 558, 562, 563, 564, 578
DISA STIG: APSC-DV-000460, APSC-DV-002630
HIPAA: 164.306(a)(1), 164.306(a)(2), 164.312(a)(1), 164.312(a)(2)(i)
ISO: 27001-A.13.1.1, 27001-A.14.1.2, 27001-A.14.1.3, 27001-A.14.2.5, 27001-A.18.1.3, 27001-A.6.2.2, 27001-A.9.1.2, 27001-A.9.4.1, 27001-A.9.4.4, 27001-A.9.4.5
NIST: sp800_53-AC-3, sp800_53-CM-6b
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-1.4.2, 4.0.2-14.2.1