Cyber Resilience

CVE-2025-1316

CriticalCISA KEVActive ExploitationEUVD ExploitedRCE

Published: 05 March 2025

Published
05 March 2025
Modified
30 October 2025
KEV Added
19 March 2025
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.8675 99.4th percentile
Risk Priority 91 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1316 is a critical-severity OS Command Injection (CWE-78) vulnerability in Edimax Ic-7100 Firmware. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 0.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Edimax IC-7100 devices contain an OS command injection vulnerability (CWE-78) because the firmware does not properly neutralize user-supplied input in network requests. The flaw affects the web interface of this IP camera model and carries a CVSS 4.0 score of 9.3, reflecting network attackability without authentication or user interaction.

An unauthenticated remote attacker can submit specially crafted HTTP requests that result in arbitrary command execution on the device, granting full control over the camera’s operating system and any attached storage or network resources.

CISA has published ICSA-25-063-08 and added CVE-2025-1316 to its Known Exploited Vulnerabilities Catalog, indicating that federal agencies and critical-infrastructure operators should treat the issue as actively exploited and apply vendor patches or mitigations without delay.

The vulnerability’s EPSS score currently stands at 0.8675 with a recorded peak of 0.8729, confirming sustained exploitation interest after public disclosure.

EU & UK References

Vulnerability details

Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device

CWE(s)
KEV Date Added
19 March 2025

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

The CVE describes unauthenticated remote code execution via OS command injection (CWE-78) on a public-facing network device, directly enabling T1190 (Exploit Public-Facing Application) for initial access and T1059.004 (Unix Shell) for arbitrary command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-37125Same vendor: Edimax
CVE-2024-40890Shared CWE-78both on KEV
CVE-2025-58034Shared CWE-78both on KEV
CVE-2025-9377Shared CWE-78both on KEV
CVE-2024-40891Shared CWE-78both on KEV
CVE-2025-22905Same vendor: Edimax
CVE-2024-48418Same vendor: Edimax
CVE-2026-1731Shared CWE-78both on KEV
CVE-2025-70161Same vendor: Edimax
CVE-2025-48703Shared CWE-78both on KEV

Affected Assets

edimax
ic-7100 firmware
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires information input validation mechanisms to neutralize specially crafted requests and prevent command injection leading to remote code execution.

prevent

Mandates timely identification, reporting, and correction of the specific flaw in request neutralization to remediate the RCE vulnerability.

prevent

Monitors and controls communications at external boundaries to block or restrict network-based crafted requests targeting the vulnerable device.

References