Back to search
CVE-2025-34187
Published: Sep 16, 2025
Modified: May 15, 2026
PUBLISHED
Description
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. Execution with sudo grants full root access, resulting in remote privilege escalation and potential system compromise.
| Vendor | Product | Versions |
|---|---|---|
Ilevia Srl. | EVE X1/X5 Server | affected 0 - <= 4.7.18.0.eden (Logic version: 6.00) |
References
https://www.ilevia.com/
product
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5959.php
technical-description
exploit
https://www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-reverse-rootshell
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now