Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.
References
| Link | Resource |
|---|---|
| https://www.ilevia.com/ | Product |
| https://www.vulncheck.com/advisories/ilevia-eve-x1-server-unauth-command-injection | Third Party Advisory |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5962.php | Exploit Third Party Advisory |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5962.php | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
23 Oct 2025, 19:28
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Ilevia eve X1 Server
Ilevia eve X1 Server Firmware Ilevia |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CPE | cpe:2.3:h:ilevia:eve_x1_server:-:*:*:*:*:*:*:* cpe:2.3:o:ilevia:eve_x1_server_firmware:*:*:*:*:*:*:*:* |
|
| References | () https://www.ilevia.com/ - Product | |
| References | () https://www.vulncheck.com/advisories/ilevia-eve-x1-server-unauth-command-injection - Third Party Advisory | |
| References | () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5962.php - Exploit, Third Party Advisory |
16 Oct 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5962.php - |
16 Oct 2025, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-10-16 18:15
Updated : 2025-10-23 19:28
NVD link : CVE-2025-34513
Mitre link : CVE-2025-34513
CVE.ORG link : CVE-2025-34513
JSON object : View
Products Affected
ilevia
- eve_x1_server
- eve_x1_server_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')