What is CVE-2025-1338?

A medium-severity command injection vulnerability affects NUUO Camera up to version 20250203. Organizations must assess the risk and prioritize updates to mitigate potential exploitation.

What is the severity of CVE-2025-1338?

CVE-2025-1338 has a severity rating of MEDIUM with a CVSS base score of 6.9.

CVE-2025-1338 | Medium Vulnerability in NUUO Camera

A vulnerability was found in NUUO Camera up to 20250203. It has been declared as critical. This vulnerability affects the function print_file of the file /handle_config.php. The manipulation of the argument log leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Risk to organizations includes unauthorized command execution, which could lead to further system compromise.

With a CVSS score of 6.9, this vulnerability is classified as medium severity. Organizations using affected versions are advised to assess their exposure and implement necessary mitigations to prevent potential exploitation.

Vulnerability Details

The vulnerability is characterized as a command injection issue, specifically affecting the NUUO Camera's file handling mechanism. The CVSS score reflects a medium risk level, indicating that while the threat is serious, it may not be as immediately impactful as higher-severity vulnerabilities.

Technical Analysis

Root cause analysis indicates that improper validation of user input in the log argument allows for command injection. The attack vector is network-based, requiring no user interaction, and the attack complexity is low, making it easier for attackers to exploit.

Risk & Impact Analysis

Real-world deployment of NUUO Camera without necessary updates poses a risk of unauthorized command execution, potentially leading to data leakage or system downtime. Organizations should prioritize patching immediately.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions prior to vendor patch are affected by this vulnerability.

Mitigation & Remediation

Organizations should apply relevant patches as soon as they are available. For additional support, organizations can utilize penetration testing services to validate their remediation efforts.

Detection Guidance

Monitoring logs for suspicious command execution attempts, and unusual access patterns can help in early detection of exploitation attempts.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability indicates a broader trend in command injection vulnerabilities affecting networked devices. Security teams should consider implementing robust input validation mechanisms to mitigate similar risks in future systems. For further reading on securing application environments, organizations can consult vulnerability management programs and explore best practices in API security testing to enhance their defenses.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-1338: Medium Vulnerability in NUUO Camera