# [CRIT] CISA KEV: CVE-2025-1316 — Edimax IC-7100 IP Camera OS Command Injection Vulnerability

**Source:** CISA KEV
**Published:** 2025-03-19
**Article:** https://www.cisa.gov/known-exploited-vulnerabilities-catalog

## Threat Profile

CISA KEV entry. The U.S. federal "Known Exploited Vulnerabilities" catalog only adds CVEs that have been **observed exploited in the wild**. Federal civilian agencies are required to remediate by the published due date; the same prioritisation logic applies to any sensible enterprise SOC.

Vendor / Product: **Edimax IC-7100 IP Camera OS Command Injection**

## Indicators of Compromise

- CVE-2025-1316 — match against your vulnerability scanner

## MITRE ATT&CK

- **T1190 — Exploit Public-Facing Application** (KEV implies active exploitation against exposed assets)

## Recommended hunts

Standard asset-exposure hunt — the canonical Splunk SPL and Defender KQL
live once in [`../_TEMPLATES.md#asset-exposure`](../_TEMPLATES.md#asset-exposure).
Substitute this CVE wherever the template references `<CVE>`:

- **CVE:** `CVE-2025-1316`

## Why this matters

Anything in CISA KEV is *currently* being exploited. Even if your scanners say "not vulnerable" because of patches, it's worth one quick check across your fleet — patch lag is the silent killer. Federal due-date dates also frequently match the timing your organisation will be asked about by auditors / regulators.

## Source body

Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. Vendor: Edimax, Product: IC-7100 IP Camera. Federal patch due: 2025-04-09. CVE-2025-1316