Hackers exploited a critical vulnerability in Gladinet's Triofox platform, bypassing authentication and gaining SYSTEM privileges by abusing the antivirus feature. This attack facilitated remote code execution, system compromise, and deployment of malicious payloads. #CVE202512480 #TrojanHorse
Keypoints
- The vulnerability CVE-2025-12480 allowed attackers to bypass authentication using a spoofed localhost URL.
- Attackers gained access to the setup page and created a new administrator account titled "Cluster Admin."
- The compromised antivirus feature was exploited to execute malicious scripts under SYSTEM privileges.
- The attackers deployed various remote access tools like Zoho UEMS, AnyDesk, and created SSH tunnels for lateral movement.
- System administrators are advised to update to the latest software version and audit admin accounts to mitigate risks.
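As an added detection example (not code from Gladinet or from the original write-up), the script below scans web-server access logs for the pattern the summary describes: a request whose Host header claims to be localhost while the client address is not a loopback address, which is what a spoofed-localhost authentication bypass looks like from the server side. The log format, the `/setup` path and the sample lines are constructed and simplified; map `parse_line` to the real IIS/W3C field order of your own Triofox host before using it.

```python
"""Flag requests whose Host header claims localhost while the client is remote.

Added example, not Gladinet's code. Log format is a constructed, simplified
'client_ip method path host status' line (assumption); adapt parse_line to the
field order your web server actually writes.
"""
from dataclasses import dataclass
from ipaddress import ip_address

# Hostnames that should only ever be seen from the machine itself.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


@dataclass
class Request:
    client_ip: str
    method: str
    path: str
    host: str
    status: int


def parse_line(line: str) -> Request:
    """Parse one constructed-format log line into a Request record."""
    ip, method, path, host, status = line.split()
    return Request(ip, method, path, host, int(status))


def _host_name(host: str) -> str:
    """Strip an optional port (and IPv6 brackets) from a Host header value."""
    host = host.strip().lower()
    if host.startswith("["):            # e.g. [::1]:443
        return host[1:host.index("]")]
    return host.rsplit(":", 1)[0] if host.count(":") == 1 else host


def _is_loopback_host(host: str) -> bool:
    name = _host_name(host)
    if name in LOOPBACK_NAMES:
        return True
    try:
        return ip_address(name).is_loopback
    except ValueError:
        return False


def _is_loopback_client(ip: str) -> bool:
    try:
        return ip_address(ip).is_loopback
    except ValueError:
        return False


def find_spoofed_localhost(log_text: str) -> list[Request]:
    """Return requests where Host says loopback but the client address is not."""
    hits = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        req = parse_line(raw)
        if _is_loopback_host(req.host) and not _is_loopback_client(req.client_ip):
            hits.append(req)
    return hits


# Constructed sample log: RFC 5737 documentation addresses, hypothetical paths.
SAMPLE_LOG = """\
203.0.113.10 GET /portal/login triofox.example.com 200
203.0.113.45 GET /setup localhost 200
127.0.0.1 GET /setup localhost 200
198.51.100.7 POST /setup 127.0.0.1:80 302
::1 GET /setup localhost 200
"""

if __name__ == "__main__":
    for r in find_spoofed_localhost(SAMPLE_LOG):
        print(f"ALERT: {r.client_ip} reached {r.path} with Host={r.host} (HTTP {r.status})")
```

Only the two remote clients presenting a loopback Host header are reported; the genuine local requests from 127.0.0.1 and ::1 pass. Pair this with an alert on any non-loopback access to the setup page after installation is complete, and with the admin-account audit the summary recommends.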