Vulnerability Description
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. Execution with sudo grants full root access, resulting in remote privilege escalation and potential system compromise.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ilevia | Eve X1 Server Firmware | <= 4.7.18.0 |
| Ilevia | Eve X1 Server | - |
Related Weaknesses (CWE)
References
- https://packetstorm.news/files/id/209226/ExploitPermissions RequiredThird Party Advisory
- https://www.ilevia.com/Product
- https://www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-reverse-rootshellThird Party Advisory
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5959.phpExploitThird Party Advisory
FAQ
What is CVE-2025-34187?
CVE-2025-34187 is a vulnerability with a CVSS score of 8.8 (HIGH). Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing ...
How severe is CVE-2025-34187?
CVE-2025-34187 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-34187?
Check the references section above for vendor advisories and patch information. Affected products include: Ilevia Eve X1 Server Firmware, Ilevia Eve X1 Server.