CVE-2025-34187

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-34187
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. Execution with sudo grants full root access, resulting in remote privilege escalation and potential system compromise.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://packetstorm.news/files/id/209226/ Exploit Third Party Advisory Permissions Required
https://www.ilevia.com/ Product
https://www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-reverse-rootshell Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5959.php Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ilevia:eve_x1_server_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ilevia:eve_x1_server:-:*:*:*:*:*:*:*
History

25 Sep 2025, 14:51

Type Values Removed Values Added
First Time Ilevia eve X1 Server
Ilevia eve X1 Server Firmware
Ilevia
References () https://packetstorm.news/files/id/209226/ - () https://packetstorm.news/files/id/209226/ - Exploit, Third Party Advisory, Permissions Required
References () https://www.ilevia.com/ - () https://www.ilevia.com/ - Product
References () https://www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-reverse-rootshell - () https://www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-reverse-rootshell - Third Party Advisory
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5959.php - () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5959.php - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CPE cpe:2.3:h:ilevia:eve_x1_server:-:*:*:*:*:*:*:*
cpe:2.3:o:ilevia:eve_x1_server_firmware:*:*:*:*:*:*:*:*

16 Sep 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-09-16 20:15

Updated : 2025-09-25 14:51

NVD link : CVE-2025-34187

Mitre link : CVE-2025-34187

CVE.ORG link : CVE-2025-34187

JSON object : View

Products Affected

ilevia

  • eve_x1_server
  • eve_x1_server_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-269

Improper Privilege Management