CVE-2025-34186
Published: Sep 16, 2025
Modified: May 26, 2026
Description
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary interprets non-zero exit codes from system() as successful authentication, remote attackers can bypass authentication and gain full access to the system.
| Vendor | Product | Versions |
|---|---|---|
| Ilevia Srl. | EVE X1/X5 Server | affected 0 - <= 4.7.18.0.eden (Logic version: 6.00) |
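The flaw class in the description, shown as an added C example that is not code from the Ilevia binary or from this advisory: the inverted status check beside a strict one, and a helper invoked through an argv array instead of a `system()` shell string. All function names are hypothetical, and `test(1)` is an assumed stand-in for the real credential verifier.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Decision the advisory describes: a non-zero system() status is accepted. */
static int flawed_accept(int status) { return status != 0; }

/* Strict decision: only a normal exit with code 0 authenticates. */
static int strict_accept(int status)
{
    return status != -1 && WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Run a helper with no shell: each argv element arrives as one literal
 * argument, so ';', '|' or quotes in user input are never parsed. */
static int run_helper(char *const argv[])
{
    int status;
    pid_t r, pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127); /* exec failure must never look like success */
    }
    do {
        r = waitpid(pid, &status, 0);
    } while (r < 0 && errno == EINTR);
    return r < 0 ? -1 : status;
}

/* Hypothetical verifier: test(1) stands in for the real credential check
 * and exits 0 only when the two strings are equal. */
static int check_password(const char *supplied, const char *expected)
{
    char *const argv[] = { "test", (char *)supplied, "=", (char *)expected, NULL };
    return strict_accept(run_helper(argv));
}

int main(void)
{
    char *const fail[] = { "false", NULL };
    int st = run_helper(fail); /* helper reports failure */
    printf("flawed=%d strict=%d\n", flawed_accept(st), strict_accept(st));
    printf("match=%d mismatch=%d\n", check_password("s3cret", "s3cret"),
           check_password("a;b|c", "s3cret")); /* constructed inputs */
    return 0;
}
```

The strict check also fails closed when the helper cannot be executed or is killed by a signal, which the inverted check would treat as a successful login.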
References