Back to search
CVE-2025-34515
Published: Oct 16, 2025
Modified: May 15, 2026
PUBLISHED
Description
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.
| Vendor | Product | Versions |
|---|---|---|
Ilevia Srl. | EVE X1 Server | affected 0 - <= 4.7.18.0.eden |
Weaknesses (CWE)
References
https://www.ilevia.com/
product
https://www.vulncheck.com/advisories/ilevia-eve-x1-server-root-priv-esc
third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5965.php
technical-description
exploit
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now