CVE-2025-34513

Critical CVSS: 9.3

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

Vendor

Ilevia

Product

Eve X1 Server Firmware

CWE

CWE-78

Yayın Tarihi

2025-10-16 18:15:35

Güncelleme

2025-10-23 19:28:18

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 Eve X1 Server Firmware CRITICAL Ilevia 2025

Referanslar

https://www.ilevia.com/ https://www.vulncheck.com/advisories/ilevia-eve-x1-server-unauth-command-injection https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5962.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5962.php

Benzer Kayıtlar

Critical

CVE-2025-60739

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logi…

Medium

CVE-2025-60737

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version

Critical

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before…

Critical

CVE-2025-34516

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an…

High

CVE-2025-34517

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_cont…

High

CVE-2025-34518

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_conte…