Cyber Posture

CVE-2025-66052

Severity: High · RCE

Published: 09 January 2026
Modified: 14 January 2026
KEV Added: not listed
Patch: none available
CVSS Score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0027 (50.5th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-66052 is a high-severity OS Command Injection (CWE-78) vulnerability in Vivotek IP7137 camera firmware. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 49.5% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.

Threat & Defense Details

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-78: Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

Addresses CWE-78: Validates inputs to block special elements that would alter OS command execution.

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Command injection in a public-facing CGI endpoint directly enables initial access via T1190 and arbitrary Unix shell command execution via T1059.004.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "system_ntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access is not protected by default. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

Deeper analysis (AI)

CVE-2025-66052 is a command injection vulnerability affecting the Vivotek IP7137 IP camera, specifically firmware version 0200a. The issue arises in the "/cgi-bin/admin/setparam.cgi" endpoint, where the "system_ntpIt" parameter is not properly sanitized, enabling command injection. All firmware versions may be vulnerable, as the product has reached its End-Of-Life phase.

An attacker with administrative privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Due to the related CVE-2025-66050, administrative access is not protected by default, lowering the barrier for privilege escalation. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, as reflected in the CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

No patches or fixes are expected, as the vendor has not responded to the CNA and the product is end-of-life. Security practitioners should isolate affected devices, restrict network access, and monitor for unauthorized administrative logins. Additional details are available in the advisory at https://cert.pl/posts/2026/01/CVE-2025-66049.
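As a defender-side illustration of both the "validates inputs" control listed above and the monitoring advice in this analysis, the following added Python (not part of this page, the advisory, or the vendor's firmware) applies an allowlist to the system_ntpIt value and scans constructed camera access-log lines for setparam.cgi requests that fail it. The log line format and the accepted shape of an NTP server value are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Endpoint and parameter named in the NVD description for CVE-2025-66052.
ENDPOINT = "/cgi-bin/admin/setparam.cgi"
PARAM = "system_ntpIt"

# Allowlist for an NTP server setting: hostname or dotted IPv4 literal only.
# Assumption: the firmware's accepted value format is not documented on the page.
HOST_RE = re.compile(r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
                     r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$")

def is_valid_ntp_host(value: str) -> bool:
    """Allowlist check: accept only the expected shape rather than stripping
    known-bad characters, the approach that CWE-78 filters usually get wrong."""
    return bool(HOST_RE.match(value))

def query_params(query: str):
    """Decoded (name, value) pairs; split before decoding so %3B is seen as ';'."""
    pairs = []
    for item in query.split("&"):
        if item:
            name, _, value = item.partition("=")
            pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs

def suspicious_requests(log_text: str):
    """(client, decoded value) for setparam.cgi requests whose system_ntpIt value
    fails the allowlist. Query string only: POST bodies are not in access logs."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()  # constructed format: client method url status
        if len(parts) < 3:
            continue
        client, parsed = parts[0], urlsplit(parts[2])
        if parsed.path != ENDPOINT:
            continue
        for name, value in query_params(parsed.query):
            if name == PARAM and not is_valid_ntp_host(value):
                findings.append((client, value))
    return findings

# Constructed sample log; the second line carries a percent-encoded ';'.
SAMPLE_LOG = """\
10.0.0.5 GET /cgi-bin/admin/setparam.cgi?system_ntpIt=pool.ntp.org 200
10.0.0.9 GET /cgi-bin/admin/setparam.cgi?system_ntpIt=ntp.example.org%3Bid 200
10.0.0.7 GET /cgi-bin/viewer/video.jpg 200
10.0.0.9 GET /cgi-bin/admin/setparam.cgi?system_hostname=cam1 200
"""
```

Because CVE-2025-66050 leaves the admin endpoints reachable without authentication by default, any hit on setparam.cgi from an unexpected client is worth reviewing even when the value passes the allowlist.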

Details

CWE(s): CWE-78 (OS Command Injection)

Affected Products: vivotek / ip7137 firmware / version 0200a

CVEs Like This One

CVE-2025-66049 (same product: Vivotek IP7137)
CVE-2025-66050 (same product: Vivotek IP7137)
CVE-2026-25070 (shared CWE-78)
CVE-2026-34796 (shared CWE-78)
CVE-2025-27392 (shared CWE-78)
CVE-2025-64127 (shared CWE-78)
CVE-2026-3037 (shared CWE-78)
CVE-2025-56114 (shared CWE-78)
CVE-2026-41113 (shared CWE-78)
CVE-2026-23592 (shared CWE-78)
