CVE-2025-34184 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers…
Critical CVSS: 9.3

CVE-2025-34184

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or denial of service.
Vendor
Ilevia
Product
Eve X1 Server Firmware
CWE
CWE-78
Yayın Tarihi
2025-09-16 20:15:34
Güncelleme
2025-09-25 14:56:30
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-78 Eve X1 Server Firmware CRITICAL Ilevia 2025

Referanslar

https://packetstorm.news/files/id/207717/ https://www.ilevia.com/ https://www.vulncheck.com/advisories/ilevia-eve-x1-server-neuro-code-unauth-code-injection https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5956.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5956.php