ALL POSTS
Critical Triofox Zero-Day (CVE-2025-12480): Unauthenticated Admin Takeover Through Host Header Bypass
Key Findings: Researchers at Mandiant Threat Defense, part of Google Cloud Security Operations, have revealed a critical unauthenticated access vulnerability in Gladinet's Triofox file-sharing platform (CVE-2025-12480). The vulnerability allowed attackers to bypass authentication, create administrative accounts, and achieve SYSTEM-level code execution through a chained attack path. The exploitation campaign was first detected on August 24, 2025, when Google Threat Intelligence
Nov 11, 2025 · 2 min read
CISA Announces Addition of Gladinet and CWP Vulnerabilities to Known Exploited Vulnerabilities Catalog.
Background: Gladinet CentreStack and Triofox are enterprise file-sharing and cloud storage solutions designed for businesses. CentreStack provides a secure platform for file sharing, syncing, and collaboration, integrating on-premises storage with cloud access. Triofox offers a hybrid cloud solution that enables secure remote access to existing Windows file shares and SMB/NFS storage.
CVE-2025-11371 - Gladinet CentreStack and Triofox Files or Directories Accessible to External
Nov 5, 2025 · 1 min read

