Hackers Spoof Gladinet Triofox: When Anti-Virus Becomes Pro-Virus!
Cyber threat actors have hacked Gladinet’s Triofox platform using CVE-2025-12480, a vulnerability as gaping as a plot hole in a soap opera. By spoofing localhost, they turned admin pages into their playground. Luckily, a patched version is here to save the day—just like a superhero in a last-minute rescue.

Hot Take:
Looks like UNC6485 took a page right out of the “Mission Impossible” handbook, pulling off a digital heist that would make Ethan Hunt proud! They exploited a vulnerability so thoroughly that it’s almost as if they had the Triofox source code framed on their wall. While most of us were just trying to figure out how to pronounce ‘CVSS,’ these cyber whizzes were creating admin accounts and running arbitrary code like it was no big deal. It’s a classic case of a vulnerability that was patched faster than you can say ‘anti-virus,’ but alas, not before our cyber villains had their moment in the spotlight.

Key Points:
- Google’s Mandiant and GTIG identified a cyber threat actor, UNC6485, exploiting Triofox.
- The vulnerability, CVE-2025-12480, was a critical access control flaw with a CVSS score of 9.8.
- Triofox versions prior to 16.7.10368.56560 were vulnerable.
- UNC6485 exploited this flaw starting August 2025, despite a June patch release.
- The attackers used the vulnerability to create admin accounts and execute code via the anti-virus feature.
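
An added example, not taken from the original article or from Gladinet or Mandiant: a Python triage helper that flags builds older than 16.7.10368.56560 and hunts a web log for requests that claim a local Host while arriving from a non-loopback address. It assumes the localhost spoofing shows up in the HTTP Host header; the log format, paths and addresses are constructed for illustration.

```python
import ipaddress

PATCHED = (16, 7, 10368, 56560)  # fixed build named in the key points above
LOCAL_NAMES = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: "client_ip host_header method path status" (hypothetical format and paths)
SAMPLE_LOG = [
    "# client_ip host method path status",
    "127.0.0.1 localhost GET /admin/setup 200",          # genuine local access
    "203.0.113.45 localhost GET /admin/setup 200",       # remote client, local Host
    "198.51.100.7 files.example.com GET /login 200",     # ordinary remote request
    "203.0.113.45 LOCALHOST:443 POST /admin/setup 302",  # case and port variation
    "2001:db8::5 [::1]:443 GET /admin/setup 200",        # IPv6 loopback literal
]

def is_vulnerable(version):
    """True when a dotted build string is older than the fixed build."""
    parts = tuple(int(p) for p in version.strip().split("."))
    parts += (0,) * (len(PATCHED) - len(parts))  # "16.7" compares as 16.7.0.0
    return parts < PATCHED

def host_name(host_header):
    """Lower-case a Host header value and strip its port and IPv6 brackets."""
    h = host_header.strip().lower()
    if h.startswith("["):        # bracketed IPv6 literal, e.g. [::1]:443
        return h[1:h.find("]")]
    if h.count(":") == 1:        # name:port or ipv4:port
        h = h.split(":")[0]
    return h

def spoofed_localhost(lines):
    """Yield (client_ip, host, path) where Host is local but the client is not."""
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 4:
            continue
        client, host, _method, path = fields[:4]
        try:
            remote = ipaddress.ip_address(client)
        except ValueError:
            continue             # unparsable client field, skip the line
        if host_name(host) in LOCAL_NAMES and not remote.is_loopback:
            yield client, host, path

if __name__ == "__main__":
    print("16.7.10368.56559 vulnerable:", is_vulnerable("16.7.10368.56559"))
    for hit in spoofed_localhost(SAMPLE_LOG):
        print("suspicious:", hit)
```

Behind a reverse proxy the logged client address is the proxy's own, so pass the forwarded client address in the first field instead.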
