CVE-2025-12480 is a critical authentication-bypass vulnerability in the Triofox file-sharing platform that is exploited through HTTP Host header manipulation. The server decides whether a request is local by inspecting the Host header, a value the client fully controls, so an attacker who sets it to 'localhost' reaches AdminDatabase.aspx, the initial-setup page that is supposed to be unreachable once setup is complete, without authenticating. From there the attacker can create an administrative account and escalate privileges. The impact is compounded by Triofox's anti-virus feature: its configuration can be pointed at an attacker-uploaded script, which then executes with SYSTEM privileges and gives full control of the host.
After gaining access, the attackers deployed additional tooling, including Zoho Unified Endpoint Management and AnyDesk, and set up encrypted tunnels for persistent remote access. Mandiant detected the intrusion quickly and reports containing it within 16 minutes. The recommended mitigations are to upgrade Triofox to a patched version without delay, audit administrative accounts for unauthorized additions, ensure the anti-virus engine setting points only at an authorized scanner binary, and monitor for unusual SSH traffic.
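The Host header trick described above leaves a distinctive trace in web-server logs: a request for the setup page whose Host header claims to be local while the client address is not. The following detection sketch is an added example, not code from the article, from Mandiant, or from the Triofox project. It assumes IIS W3C-format logs with the optional cs-host field enabled (the field name and the sample lines are constructed for illustration), and it flags any non-loopback client that requested AdminDatabase.aspx with a loopback Host header.

```python
"""Detect CVE-2025-12480-style Host header bypass attempts in IIS W3C logs.

Added example; not from the article, Mandiant, or Triofox. Assumes the
optional cs-host field is present in the log (it is not in IIS's default
field set). Sample log lines below are constructed, not real captures.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Host header values an attacker sends to look like a request from the local machine.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
# The setup page that should be unreachable once initial setup is complete.
SETUP_PAGE = "/admindatabase.aspx"


@dataclass(frozen=True)
class Finding:
    client_ip: str
    host_header: str
    uri: str
    status: str


def normalise_host(host: str) -> str:
    """Lower-case a Host header value and strip any port, including bracketed IPv6."""
    host = host.strip().lower()
    if host.startswith("[") and "]" in host:
        return host[1:host.index("]")]
    if host.count(":") == 1:  # host:port; a bare IPv6 literal has more colons
        host = host.split(":", 1)[0]
    return host


def is_loopback_client(ip: str) -> bool:
    """True if the source address is a loopback address (legitimately local)."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def parse_w3c(log_text: str):
    """Yield one dict per request line; '#Fields:' directives define the columns."""
    fields = None
    for line in log_text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split()[1:]
            continue
        if fields is None:
            continue  # no field definition seen yet; cannot interpret the row
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed row
        yield dict(zip(fields, values))


def detect_host_header_bypass(log_text: str) -> list[Finding]:
    """Flag setup-page requests with a loopback Host header from a non-loopback client."""
    findings: list[Finding] = []
    for row in parse_w3c(log_text):
        uri = row.get("cs-uri-stem", "")
        host = normalise_host(row.get("cs-host", ""))
        client = row.get("c-ip", "")
        if (uri.lower().endswith(SETUP_PAGE)
                and host in LOOPBACK_HOSTS
                and not is_loopback_client(client)):
            findings.append(Finding(client, row["cs-host"], uri, row.get("sc-status", "")))
    return findings


# Constructed sample log: two bypass attempts from 203.0.113.7, one genuine local
# setup access, and one ordinary portal request.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem cs-host sc-status
2025-11-01 10:00:01 203.0.113.7 GET /AdminDatabase.aspx localhost 200
2025-11-01 10:00:05 203.0.113.7 POST /AdminDatabase.aspx localhost:443 302
2025-11-01 10:01:00 127.0.0.1 GET /AdminDatabase.aspx localhost 200
2025-11-01 10:02:00 198.51.100.9 GET /portal/default.aspx triofox.example.com 200
"""

if __name__ == "__main__":
    for f in detect_host_header_bypass(SAMPLE_LOG):
        print(f"ALERT: {f.client_ip} requested {f.uri} with Host={f.host_header} (status {f.status})")
```

The rule deliberately ignores requests that really do come from 127.0.0.1, since an administrator running setup locally produces the same page access; if the system is long past initial setup, any access to the page at all is worth a lower-severity alert. Run it over logs from before the upgrade as well, since a successful bypass followed by a new administrative account is exactly the sequence the article describes.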
👉 Read the original: Cyber Security News