Back to search
CVE-2025-34512
Published: Oct 16, 2025
Modified: May 25, 2026
PUBLISHED
Description
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in the victim's browser. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.
| Vendor | Product | Versions |
|---|---|---|
Ilevia Srl. | EVE X1 Server | affected 0 - <= 4.7.18.0.eden |
Weaknesses (CWE)
References
https://www.ilevia.com/
product
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5961.php
technical-description
exploit
https://www.vulncheck.com/advisories/ilevia-eve-x1-server-reflected-xss
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now