CVE-2025-34516

Critical CVSS: 9.3

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

Vendor

Ilevia

Product

Eve X1 Server Firmware

CWE

CWE-1392

Yayın Tarihi

2025-10-16 18:15:36

Güncelleme

2025-11-03 19:15:52

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-1392 Eve X1 Server Firmware CRITICAL Ilevia 2025

Referanslar

https://www.ilevia.com/ https://www.vulncheck.com/advisories/ilevia-eve-x1-server-use-of-default-credentials https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5963.php

Benzer Kayıtlar

Critical

CVE-2025-60739

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logi…

Medium

CVE-2025-60737

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version

Critical

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before…

High

CVE-2025-34517

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_cont…

High

CVE-2025-34518

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_conte…

High

CVE-2025-34519

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product…