Triofox - Missing Authorization (CVE-2025-12480)
90Exploiting IPs reported
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
CrowdSec analysis
CVE-2025-12480 is a critical improper access control vulnerability in Triofox versions prior to 16.7.10368.56560, which allows unauthorized users to access initial setup pages even after the setup process is complete. This flaw could enable attackers to reconfigure or compromise the system, potentially leading to unauthorized access to sensitive data and system settings.
CrowdSec has been tracking this vulnerability and its exploits since 26th of November 2025.
CrowdSec network data shows that most actors exploiting CVE-2025-12480 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2025-12480 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2025-12480 is currently experiencing high visibility and active exploitation across the internet.
Attackers exploit this vulnerability by sending unauthenticated requests to the /management/admindatabase.aspx endpoint, granting access to sensitive database management functions without requiring credentials.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.