One of the most concerning vulnerabilities in the new CISA catalog is CVE-2025-1316, which affects the Edimax IC-7100 IP Camera. This vulnerability, identified on March 4, 2025, is an OS Command Injection Vulnerability that allows attackers to execute arbitrary commands on the device remotely.
The Edimax IC-7100 does not properly neutralize special characters used in OS commands, leaving it open to exploitation. Malicious actors can craft specific requests to inject malicious code into the camera’s operating system, leading to remote code execution and unauthorized access to the device.
The impact of this vulnerability is severe, as it enables attackers to gain control over the device, potentially accessing sensitive video surveillance data or compromising the network. A CVSS v4 score of 9.3 has been assigned to CVE-2025-1316, indicating the critical nature of the flaw.
CISA strongly recommends that organizations using Edimax IC-7100 IP Cameras take immediate action to mitigate the risk, including network isolation, the use of firewalls, and the deployment of Virtual Private Networks (VPNs) to protect control systems from external threats.
CVE-2024-48248: Absolute Path Traversal Vulnerability in NAKIVO Backup and Replication
Another serious vulnerability added to CISA’s catalog is CVE-2024-48248, an Absolute Path Traversal Vulnerability in NAKIVO Backup and Replication. This flaw, which was discovered in March 2025, allows attackers to exploit the application’s handling of file paths, enabling them to access unauthorized directories on the system. This vulnerability is a classic case of absolute path traversal, where attackers can manipulate file paths to navigate outside the expected directory structure, potentially reading sensitive files and compromising the system’s security.
The flaw affects all versions of NAKIVO Backup and Replication prior to the patch release, and its exploitation can lead to data leakage or loss, exposing critical backup information. CISA emphasizes the importance of applying patches and updating to the latest software versions to prevent potential breaches. Organizations are advised to ensure proper access controls are in place and to regularly audit their systems for vulnerabilities related to path traversal.
CVE-2017-12637: Directory Traversal Vulnerability in SAP NetWeaver
The third vulnerability on CISA’s list is CVE-2017-12637, a Directory Traversal Vulnerability found in SAP NetWeaver, a widely used enterprise resource planning (ERP) system. This flaw, which was originally published in August 2017, has resurfaced in the context of ongoing exploitation. The vulnerability allows attackers to access arbitrary files by manipulating file paths in a web application’s query string, a technique known as directory traversal.
In this case, the SAP NetWeaver Application Server Java 7.5 is vulnerable to exploitation via the UIUtilJavaScriptJS component. By sending specially crafted input that includes .. (dot dot) sequences, attackers can navigate outside the application’s root directory and access sensitive files on the underlying system. Exploiting this flaw can lead to the disclosure of confidential information, and in some cases, the ability to execute further attacks on the system.
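The traversal mechanism described for NAKIVO (absolute paths) and SAP NetWeaver (.. sequences carried in the query string), as an added defensive example that is not from the original article or from either vendor: a Python routine that flags traversal attempts in constructed web-server log lines (including percent-encoded and double-encoded forms) and a server-side path check that refuses any request resolving outside the intended directory. The log entries and the /app/view endpoint are constructed placeholders, not the real vulnerable components.

```python
import re
from pathlib import Path
from typing import Optional
from urllib.parse import parse_qsl, unquote, urlsplit
# Constructed sample access-log lines (not real traffic); "/app/view" is a
# placeholder endpoint, not the vulnerable NAKIVO or SAP NetWeaver component.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2025:12:00:01 +0000] "GET /app/static/logo.png HTTP/1.1" 200 512
10.0.0.9 - - [10/Mar/2025:12:00:02 +0000] "GET /app/view?file=../../../../etc/passwd HTTP/1.1" 200 1802
10.0.0.9 - - [10/Mar/2025:12:00:03 +0000] "GET /app/view?file=..%2F..%2Fconfig.xml HTTP/1.1" 200 933
10.0.0.9 - - [10/Mar/2025:12:00:04 +0000] "GET /app/view?file=%252e%252e%252fsecret.txt HTTP/1.1" 200 77
10.0.0.7 - - [10/Mar/2025:12:00:05 +0000] "GET /app/view?file=report..2024.pdf HTTP/1.1" 200 4100
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def decode_fully(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding (%252e -> %2e -> '.') before inspecting a value."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal_segment(value: str) -> bool:
    """True only for a whole '..' segment; 'report..2024.pdf' is not a traversal."""
    return any(seg == ".." for seg in re.split(r"[\\/]", value))

def find_traversal_requests(log_text: str) -> list[str]:
    """Return raw request targets whose path or any query value climbs with '..'."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        raw = m.group(1)
        parts = urlsplit(raw)
        # The SAP case carries the path in the query string, so inspect every query value too.
        values = [parts.path] + [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        if any(has_traversal_segment(decode_fully(v)) for v in values):
            hits.append(raw)
    return hits

def resolve_within(base_dir: str, requested: str) -> Optional[Path]:
    """Server-side check: refuse anything resolving outside base_dir, via '..' or an absolute path."""
    base = Path(base_dir).resolve()
    candidate = (base / decode_fully(requested)).resolve()
    return candidate if candidate.is_relative_to(base) else None
```

Flagged requests should be correlated with the response status: a 200 on a traversal attempt (as in the constructed lines) is the signal worth escalating, while a 404 indicates the server refused it.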
CISA urges SAP NetWeaver users to immediately apply security patches to resolve this issue and recommends conducting thorough security reviews to prevent similar vulnerabilities from being overlooked in the future.
Conclusion
Addressing vulnerabilities such as CVE-2025-1316, CVE-2024-48248, and CVE-2017-12637 is important for protecting critical infrastructure and sensitive data from exploitation. Organizations must remain proactive in implementing mitigation strategies recommended by CISA, such as updating systems, securing access, and isolating vulnerable devices.
As the threat landscape evolves, the importance of leveraging advanced cybersecurity solutions cannot be overstated. Cyble, a leader in AI-driven cybersecurity, plays a crucial role in helping organizations stay protected from cyber adversaries. With its cutting-edge threat intelligence platforms, like Cyble Vision, Cyble empowers enterprises, government bodies, and law enforcement agencies to proactively detect and defend against cyber threats.