CVE-2018-25118 - Vulnerability Details - OpenCVE

GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://github.com/mcw0/PoC/blob/fb06efe05b7e240dc88ff31eb30e1ef345509dce/Geovision-PoC.py#L15
https://www.exploit-db.com/exploits/43982
https://www.geovision.com.tw/blog/?cat=14
https://www.vulncheck.com/advisories/geovision-command-injection-rce-picture-catch-cgi

History

Mon, 20 Oct 2025 21:30:00 +0000

Type	Values Removed	Values Added
Description		GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC.
Title		GeoVision Command Injection RCE via /PictureCatch.cgi
Weaknesses		CWE-78
References		https://github.com/mcw0/PoC/blob/fb06efe05b7e240dc88ff31eb30e1ef345509dce/Geovision-PoC.py#L15 https://www.exploit-db.com/exploits/43982 https://www.geovision.com.tw/blog/?cat=14 https://www.vulncheck.com/advisories/geovision-command-injection-rce-picture-catch-cgi
Metrics		cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-10-20T21:14:41.304Z

Updated: 2025-10-20T21:14:41.304Z

Reserved: 2025-10-20T17:58:13.659Z

Link: CVE-2018-25118

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-20T22:15:35.667

Modified: 2025-10-20T22:15:35.667

Link: CVE-2018-25118

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2018-25118", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-10-20T17:58:13.659Z", "datePublished": "2025-10-20T21:14:41.304Z", "dateUpdated": "2025-10-20T21:14:41.304Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["GeoVision web services (PictureCatch.cgi)"], "product": "GV-BX1500", "vendor": "GeoVision Inc.", "versions": [{"lessThan": "November/December 2017 firmware", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["GeoVision web services (PictureCatch.cgi)"], "product": "GV-MFD1501", "vendor": "GeoVision Inc.", "versions": [{"lessThan": "November/December 2017 firmware", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["GeoVision web services (PictureCatch.cgi)"], "product": "GeoVision embedded IP devices", "vendor": "GeoVision Inc.", "versions": [{"lessThan": "November/December 2017 firmware", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "bashis"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC.<br>"}], "value": "GeoVision embedded IP devices, confirmed on\u00a0GV-BX1500 and\u00a0GV-MFD1501, contain a remote command injection vulnerability via\u00a0/PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-10-20T21:14:41.304Z"}, "references": [{"tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/43982"}, {"tags": ["exploit"], "url": "https://github.com/mcw0/PoC/blob/fb06efe05b7e240dc88ff31eb30e1ef345509dce/Geovision-PoC.py#L15"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/geovision-command-injection-rce-picture-catch-cgi"}, {"tags": ["release-notes", "patch"], "url": "https://www.geovision.com.tw/blog/?cat=14"}], "source": {"discovery": "UNKNOWN"}, "tags": ["x_known-exploited-vulnerability"], "title": "GeoVision Command Injection RCE via /PictureCatch.cgi", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "GeoVision embedded IP devices, confirmed on\u00a0GV-BX1500 and\u00a0GV-MFD1501, contain a remote command injection vulnerability via\u00a0/PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC."}], "id": "CVE-2018-25118", "lastModified": "2025-10-20T22:15:35.667", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-10-20T22:15:35.667", "references": [{"source": "disclosure@vulncheck.com", "url": "https://github.com/mcw0/PoC/blob/fb06efe05b7e240dc88ff31eb30e1ef345509dce/Geovision-PoC.py#L15"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/43982"}, {"source": "disclosure@vulncheck.com", "url": "https://www.geovision.com.tw/blog/?cat=14"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/geovision-command-injection-rce-picture-catch-cgi"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}