CVE-2025-1316

ENISA EUVD: EUVD-2025-6192 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 3 articles Published: 2025-03-04

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

86.75%

probability

This CVE has a 86.75% probability of being exploited in the next 30 days.

0% Top 99.4th percentile of all CVEs 100%

CVSS v4.0 NEW

Source: VulnerabilityLookup (CIRCL)

9.3

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

Vulnerable System Confidentiality Impact

High

Vulnerable System Integrity Impact

High

Vulnerable System Availability Impact

High

Subsequent System Confidentiality Impact

None

Subsequent System Integrity Impact

None

Subsequent System Availability Impact

None

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

9.8

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device

Affected Products

Edimax

IC-7100 IP Camera

All

edimax

ic-7100 firmware

Edimax

IC-7100 IP Camera

All

Attack Intelligence

CWE-707 · Improper Neutralization CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77 · Command Injection CWE-78 · OS Command Injection

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08

Signal Intelligence

Confidenceⓘ

85%

EPSS 86.75%

CVSS v4.0 9.3

CVSS v3.1 9.8

Mentions 3

Last Seen Mar 07, 2025

CNA Information

CNA Assigner

icscert

CNA Title

Edimax IC-7100 IP Camera OS Command Injection

Analyst Note

CVE-2025-1316 was published 2025-03-04 and is actively exploited in botnet attacks against unpatched devices. The article explicitly states 'actively exploited in botnet attacks' and 'unpatched,' indicating exploitation occurring before widespread patch availability. The 2025 CVE year with immediate exploitation reports and critical CVSS (9.3/9.8) strongly support zero-day classification.