Cyber Posture

CVE-2025-1316

CriticalCISA KEVActive ExploitationRCE

Published: 05 March 2025

Published
05 March 2025
Modified
30 October 2025
KEV Added
19 March 2025
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.8630 99.4th percentile
Risk Priority 91 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1316 is a critical-severity OS Command Injection (CWE-78) vulnerability in Edimax Ic-7100 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 0.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly requires information input validation mechanisms to neutralize specially crafted requests and prevent command injection leading to remote code execution.

SI-2 Flaw Remediation good match
prevent

Mandates timely identification, reporting, and correction of the specific flaw in request neutralization to remediate the RCE vulnerability.

SC-7 Boundary Protection partial match
prevent

Monitors and controls communications at external boundaries to block or restrict network-based crafted requests targeting the vulnerable device.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

The CVE describes unauthenticated remote code execution via OS command injection (CWE-78) on a public-facing network device, directly enabling T1190 (Exploit Public-Facing Application) for initial access and T1059.004 (Unix Shell) for arbitrary command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device

Deeper analysisAI

CVE-2025-1316 is a critical vulnerability (CVSS score 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting the Edimax IC-7100 device. Published on 2025-03-05, it arises from the device's failure to properly neutralize requests (CWE-78), enabling attackers to craft specially crafted requests that result in remote code execution on the device.

The vulnerability is exploitable by unauthenticated attackers over the network with low attack complexity and no user interaction required. Successful exploitation allows attackers to achieve high-impact confidentiality, integrity, and availability compromises through arbitrary remote code execution on the targeted Edimax IC-7100.

CISA has issued ICS Advisory ICSA-25-063-08 addressing this vulnerability. CVE-2025-1316 is also listed in CISA's Known Exploited Vulnerabilities Catalog, indicating real-world exploitation.

Details

CWE(s)
CWE-78
KEV Date Added
19 March 2025

Affected Products

edimax
ic-7100 firmware
all versions

CVEs Like This One

CVE-2025-9377Shared CWE-78both on KEV
CVE-2020-37125Same vendor: Edimax
CVE-2025-58034Shared CWE-78both on KEV
CVE-2025-22905Same vendor: Edimax
CVE-2024-50603Shared CWE-78both on KEV
CVE-2026-1731Shared CWE-78both on KEV
CVE-2025-70161Same vendor: Edimax
CVE-2024-48418Same vendor: Edimax
CVE-2025-48703Shared CWE-78both on KEV
CVE-2025-22912Same vendor: Edimax

References