Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting significant active threats. The vulnerabilities affect Edimax IP cameras, NAKIVO Backup and Replication software, and SAP NetWeaver, and each poses a serious risk of system exploitation and data compromise. Organizations are urged to apply patches, harden security configurations, and proactively monitor for exploitation attempts.
Affected: Edimax, NAKIVO, SAP
Key points:
- Attackers are exploiting a critical command injection vulnerability (CVE-2025-1316) in Edimax IP cameras to spread the Mirai botnet.
- NAKIVO Backup and Replication has a critical path traversal vulnerability (CVE-2024-48248) that allows unauthorized reading of sensitive files.
- SAP NetWeaver has a directory traversal vulnerability (CVE-2017-12637) that has been exploited since 2017, allowing unauthorized access to arbitrary files.
- CISA has directed Federal Civilian Executive Branch (FCEB) agencies to apply the necessary patches by April 9, 2025; immediate action is recommended for all organizations.