CVE-2025-60739

Critical CVSS: 9.6

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /bh_web_backend component

Vendor

Ilevia

Product

Eve X1 Server Firmware

CWE

CWE-79

Yayın Tarihi

2025-11-25 16:16:07

Güncelleme

2025-12-30 17:04:56

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Eve X1 Server Firmware CRITICAL Ilevia 2025

Referanslar

https://github.com/iSee857/ilevia-EVE-X1-Server-CSRF

Benzer Kayıtlar

Medium

CVE-2025-60737

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version

Critical

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before…

Critical

CVE-2025-34516

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an…

High

CVE-2025-34517

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_cont…

High

CVE-2025-34518

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_conte…

High

CVE-2025-34519

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product…