Cyber Posture

CVE-2025-1316

Critical · CISA KEV · Active Exploitation

Published: 05 March 2025

Modified: 30 October 2025
KEV Added: 19 March 2025
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.8684 (99.4th percentile)
Risk Priority: 92 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may abuse Unix shell commands and scripts for execution.

Security Summary

CVE-2025-1316 is a critical vulnerability (CVSS score 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting the Edimax IC-7100 device. Published on 2025-03-05, it arises from the device's failure to properly neutralize requests (CWE-78), which allows attackers to send specially crafted requests that result in remote code execution on the device.

The vulnerability is exploitable by unauthenticated attackers over the network with low attack complexity and no user interaction required. Successful exploitation allows attackers to achieve high-impact confidentiality, integrity, and availability compromises through arbitrary remote code execution on the targeted Edimax IC-7100.

CISA has issued ICS Advisory ICSA-25-063-08 addressing this vulnerability. CVE-2025-1316 is also listed in CISA's Known Exploited Vulnerabilities Catalog, indicating real-world exploitation.

Details

CWE(s): CWE-78
KEV Date Added: 19 March 2025

Affected Products

edimax · ic-7100 firmware · all versions

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

The CVE describes unauthenticated remote code execution via OS command injection (CWE-78) on a public-facing network device, directly enabling T1190 (Exploit Public-Facing Application) for initial access and T1059.004 (Unix Shell) for arbitrary command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References