Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature

Google’s Mandiant Threat Defense reports on the exploitation of a zero-day vulnerability in Gladinet’s Triofox file-sharing platform that leads to unauthorized access and remote code execution. The threat actors weaponized this flaw to create administrator accounts, deploy remote access tools, and establish encrypted tunnels into the victim environment for privilege escalation. #CVE-2025-12480 #UNC6485

Keypoints

  • CVE-2025-12480 is a critical authentication bypass in Triofox.
  • The threat cluster tracked as UNC6485 exploited the flaw after Gladinet had already released a patch, so unpatched installations were the target.
  • The attackers used the bypass to create a native Triofox administrator account and carried out the rest of the intrusion from it.
  • Remote access tools such as Zoho Assist and AnyDesk were deployed for reconnaissance and privilege escalation.
  • Defenders should update Triofox to a patched release, audit administrator accounts for unexpected additions, and prevent unauthorized scripts from being executed through the platform’s antivirus feature.

Read More: https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html