Back to search
CVE-2025-34514
Published: Oct 16, 2025
Modified: May 15, 2026
PUBLISHED
Description
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec() and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.
| Vendor | Product | Versions |
|---|---|---|
Ilevia Srl. | EVE X1 Server | affected 0 - <= 4.7.18.0.eden |
Weaknesses (CWE)
References
https://www.ilevia.com/
product
https://www.vulncheck.com/advisories/ilevia-eve-x1-server-auth-command-injection
third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5966.php
technical-description
exploit
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now