Vulnerability Management, Patch/Configuration Management

Updated KEV Catalog From CISA Includes Edimax, NAKIVO, and SAP NetWeaver Bugs

Security Affairs reports that ongoing attacks leveraging a trio of security issues in Edimax IP cameras, NAKIVO's Backup and Replication solution, and the SAP NetWeaver software stack have prompted their inclusion in the Cybersecurity and Infrastructure Security Agency's (CISA's) Known Exploited Vulnerabilities (KEV) catalog, with federal agencies ordered to address the bugs by April 9.

The most severe of the newly added flaws is the Edimax IC-7100 IP camera OS command injection vulnerability, tracked as CVE-2025-1316, which has been exploited by numerous Mirai-based botnets since May. Because the product has reached end-of-life and the vulnerability is unlikely to be patched, organizations have been urged to use up-to-date cameras instead.

All NAKIVO Backup and Replication versions prior to 10.11.3.86570 are affected by a path traversal bug, tracked as CVE-2024-48248, which could be used to compromise sensitive files, while SAP NetWeaver Application Server Java 7.5 is affected by a directory traversal flaw, tracked as CVE-2017-12637, which attackers could abuse for arbitrary file access.
