CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-34514

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec() and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.7%

CVSS Severity

CVSS v3 Score 8.8

References

https://www.ilevia.com/
https://www.vulncheck.com/advisories/ilevia-eve-x1-server-auth-command-injection

Products affected by CVE-2025-34514

Ilevia » Eve X1 Server » Version: N/A

cpe:2.3:h:ilevia:eve_x1_server:-
Ilevia » Eve X1 Server Firmware » Version: Any

cpe:2.3:o:ilevia:eve_x1_server_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-34514

Products

Pricing

Contact Us