exploitDog

CVE-2025-34514

Опубликовано: 16 окт. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec() and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

Ссылки

https://www.ilevia.com/
Product
https://www.vulncheck.com/advisories/ilevia-eve-x1-server-auth-command-injection
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5966.php

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ilevia:eve_x1_server_firmware:*:*:*:*:*:*:*:*

Версия до 4.7.18.0 (включая)

cpe:2.3:h:ilevia:eve_x1_server:-:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00467

Низкий

8.8 High

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-vrhc-cgwx-m2qw

CVSS3: 8.8

github

4 месяца назад

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec() and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

EPSS

Процентиль: 64%

0.00467

Низкий

8.8 High

CVSS3

Дефекты

CWE-78