Vulnerability Description
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ilevia | Eve X1 Server Firmware | <= 4.7.18.0 |
| Ilevia | Eve X1 Server | - |
Related Weaknesses (CWE)
References
- https://www.ilevia.com/Product
- https://www.vulncheck.com/advisories/ilevia-eve-x1-server-unauth-command-injecti (Third Party Advisory)
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5962.php (Exploit, Third Party Advisory)
FAQ
What is CVE-2025-34513?
CVE-2025-34513 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevi...
How severe is CVE-2025-34513?
CVE-2025-34513 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-34513?
Check the references section above for vendor advisories and patch information. Affected products include: Ilevia Eve X1 Server Firmware, Ilevia Eve X1 Server.