CVE-2025-34186

Critical CVSS: 9.3

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Due to the binary's interpretation of non-zero exit codes as successful authentication, remote attackers can bypass authentication and gain full access to the system.

Vendor

Ilevia

Product

Eve X1 Server Firmware

CWE

CWE-78

Yayın Tarihi

2025-09-16 20:15:34

Güncelleme

2025-09-25 14:56:49

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 Eve X1 Server Firmware CRITICAL Ilevia 2025

Referanslar

https://packetstorm.news/files/id/208871/ https://www.ilevia.com/ https://www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-auth-bypass https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5958.php

Benzer Kayıtlar

Critical

CVE-2025-60739

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logi…

Medium

CVE-2025-60737

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version

Critical

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before…

Critical

CVE-2025-34516

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an…

High

CVE-2025-34517

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_cont…

High

CVE-2025-34518

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_conte…