CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-34187

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. Execution with sudo grants full root access, resulting in remote privilege escalation and potential system compromise.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.016

EPSS Ranking 81.2%

CVSS Severity

CVSS v3 Score 8.8

References

https://packetstorm.news/files/id/209226/
https://www.ilevia.com/
https://www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-reverse-rootshell
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5959.php

Products affected by CVE-2025-34187

Ilevia » Eve X1 Server » Version: N/A

cpe:2.3:h:ilevia:eve_x1_server:-
Ilevia » Eve X1 Server Firmware » Version: Any

cpe:2.3:o:ilevia:eve_x1_server_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-34187

Products

Pricing

Contact Us