CVE-2025-34187

Critical CVSS: 9.3

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. Execution with sudo grants full root access, resulting in remote privilege escalation and potential system compromise.

Vendor

Ilevia

Product

Eve X1 Server Firmware

CWE

CWE-78

Yayın Tarihi

2025-09-16 20:15:34

Güncelleme

2025-09-25 14:51:36

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 Eve X1 Server Firmware CRITICAL Ilevia 2025

Referanslar

https://packetstorm.news/files/id/209226/ https://www.ilevia.com/ https://www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-reverse-rootshell https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5959.php

Benzer Kayıtlar

Critical

CVE-2025-60739

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logi…

Medium

CVE-2025-60737

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version

Critical

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before…

Critical

CVE-2025-34516

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an…

High

CVE-2025-34517

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_cont…

High

CVE-2025-34518

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_conte…