Triofox, a popular remote file sharing and collaboration platform, is affected by a critical vulnerability tracked as CVE-2025-12480. The flaw, an improper access control issue, was exploited as a zero-day and enabled attackers to deploy remote access tools that facilitated lateral movement within affected systems.
Details of the Vulnerability
Security experts from Google’s Mandiant and its Threat Intelligence Group (GTIG) brought the issue to light, revealing that Triofox’s built-in antivirus feature was compromised. The vulnerability permitted unauthorized access to the initial setup pages even after the setup process had been completed.
Attack Methods
The exploitation has been linked to the UNC6485 threat group, which employed tools such as Zoho Assist, AnyDesk, and SSH tunneling to gain remote access to systems. This approach underscores the evolving tactics used by cybercriminals and the need for robust security measures.
Response and Mitigation
In response to this vulnerability, a patch was released on July 26, and a newer version of Triofox was made available on October 14 to further mitigate the risks associated with the flaw. Users are strongly encouraged to update their systems so that they are protected against threats stemming from this vulnerability.
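Because the flaw left the initial setup pages reachable after setup had finished, a served request to one of those pages on an already configured server is worth reviewing. The Python check below is an added example, not code from Triofox, Mandiant or the original article; it assumes W3C extended access logs, and the setup-page path, the setup-completion time and the log lines are constructed placeholders.

```python
from datetime import datetime

# Assumptions (not from the article): the setup-page path is a placeholder and
# the setup-completion time is a constructed value for this server.
SETUP_PATHS = ("/SETUP-PAGE-PLACEHOLDER.aspx",)
SETUP_DONE = datetime(2025, 1, 1, 0, 0, 0)

# Constructed sample log in W3C extended format (documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-12-30 09:00:01 10.0.0.5 GET /SETUP-PAGE-PLACEHOLDER.aspx 200
2025-03-02 11:15:42 10.0.0.8 GET /portal/login.aspx 200
2025-03-02 11:16:03 203.0.113.7 GET /SETUP-PAGE-PLACEHOLDER.aspx 302
2025-03-02 11:16:09 203.0.113.7 GET /setup-page-placeholder.aspx 200
2025-03-02 11:17:30 203.0.113.7 POST /SETUP-PAGE-PLACEHOLDER.aspx 200
"""

def find_post_setup_hits(log_text, setup_paths=SETUP_PATHS, setup_done=SETUP_DONE):
    """Return (timestamp, client, method, path) for setup pages served after setup."""
    paths = {p.lower() for p in setup_paths}
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order may change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                        # skip truncated or malformed rows
        row = dict(zip(fields, values))
        try:
            ts = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
            status = int(row["sc-status"])
        except (KeyError, ValueError):
            continue
        # Match the path case-insensitively so a case variation is not missed.
        # Only 2xx counts: a redirect or error means the page was not served.
        served = 200 <= status < 300
        if row.get("cs-uri-stem", "").lower() in paths and ts > setup_done and served:
            hits.append((ts.isoformat(sep=" "), row["c-ip"], row["cs-method"], row["cs-uri-stem"]))
    return hits

if __name__ == "__main__":
    for hit in find_post_setup_hits(SAMPLE_LOG):
        print(*hit)
```

Any hit returned on a server whose setup finished earlier should be followed up by checking the same host for newly installed remote access tools.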