CVE-2018-25118 – GeoVision Command Injection RCE via /PictureCatch.cgi

CVE ID : CVE-2018-25118

Published : Oct. 20, 2025, 10:15 p.m. | 26 minutes ago

Description : GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…