Ilevia Srl Eve X1 X5 Server vulnerabilities
2 known vulnerabilities affecting ilevia_srl/eve_x1_x5_server.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2025-34186P2CRITICALCVSS 9.8≤ 4.7.18.0.eden (Logic version: 6.00)2025-09-16
CVE-2025-34186 [CRITICAL] CWE-78 CVE-2025-34186: Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mecha
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary interprets non-zero exit codes from system() as successful authentication, rem
nvd
CVE-2025-34187P2HIGHCVSS 8.8≤ 4.7.18.0.eden (Logic version: 6.00)2025-09-16
CVE-2025-34187 [HIGH] CWE-78 CVE-2025-34187: Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. Execution with sudo grants full root access, resulting in r
nvd