https://blog.qife122.com/tags/%E4%B8%BB%E6%9C%BA%E5%A4%B4%E6%AC%BA%E9%AA%97/ Recent content in 主机头欺骗 on 办公AI智能小助手 Hugo zh-cn qife Thu, 20 Nov 2025 13:42:30 +0800 https://blog.qife122.com/p/triofox%E9%9B%B6%E6%97%A5%E6%BC%8F%E6%B4%9Ecve-2025-12480%E9%81%AD%E6%B4%BB%E8%B7%83%E5%88%A9%E7%94%A8%E4%B8%BB%E6%9C%BA%E5%A4%B4%E7%BB%95%E8%BF%87%E5%AE%9E%E7%8E%B0%E6%9C%AA%E6%8E%88%E6%9D%83%E7%AE%A1%E7%90%86%E5%91%98%E6%8E%A5%E7%AE%A1/ Thu, 20 Nov 2025 13:42:30 +0800 https://blog.qife122.com/p/triofox%E9%9B%B6%E6%97%A5%E6%BC%8F%E6%B4%9Ecve-2025-12480%E9%81%AD%E6%B4%BB%E8%B7%83%E5%88%A9%E7%94%A8%E4%B8%BB%E6%9C%BA%E5%A4%B4%E7%BB%95%E8%BF%87%E5%AE%9E%E7%8E%B0%E6%9C%AA%E6%8E%88%E6%9D%83%E7%AE%A1%E7%90%86%E5%91%98%E6%8E%A5%E7%AE%A1/ <h1 id="critical-triofox-zero-day-cve-2025-12480-under-active-exploit-host-header-bypass-allows-unauthenticated-admin-takeover">Critical Triofox Zero-Day (CVE-2025-12480) Under Active Exploit: Host Header Bypass Allows Unauthenticated Admin Takeover</h1> <h2 id="漏洞概述">漏洞概述</h2> <p>Google Cloud Security Operations旗下的Mandiant Threat Defense研究人员披露，Gladinet的Triofox文件共享平台中存在一个严重的未授权访问漏洞，已被追踪为UNC6485的威胁组织积极利用。该漏洞现已被修补为CVE-2025-12480，允许攻击者绕过身份验证、创建管理员账户，并通过链式攻击路径实现SYSTEM级代码执行。</p>