【Vulnerability Alert】A security vulnerability (CVE-2018-25118) has been identified in GeoVision. Please verify and apply the necessary patches as soon as possible.

publish date : 2025-10-31 update date : 2025-10-31

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2025102901100505	Publication Time	2025/10/29 13:14
Incident Type	ANA-Vulnerability Alert	Discovery Time	2025/10/29 13:14
Impact Level	Medium
[Subject] 【Vulnerability Alert】A security vulnerability (CVE-2018-25118) has been identified in GeoVision. Please verify and apply the necessary patches as soon as possible.
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202510-00000262 Researchers have discovered an OS Command Injection vulnerability (CVE-2018-25118) in GeoVision embedded IP devices. An unauthenticated remote attacker could inject arbitrary operating system commands and execute them on the affected device. This vulnerability has already been exploited by attackers. Please verify and apply the necessary security patches as soon as possible. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] GV-BX1500、GV-MFD1501 and other embedded IP devices with firmware release dates before December 2017.
[Recommended Actions] Please update the firmware to the latest version
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2018-25118 2. https://www.vulncheck.com/advisories/geovision-command-injection-rce-picture-catch-cgi

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center

Click Num:

Share