Filtered by vendor Ilevia
Subscriptions
Filtered by product Eve X5 Server
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34186 | 1 Ilevia | 3 Eve X1 Server, Eve X1 Server Firmware, Eve X5 Server | 2025-09-25 | 9.8 Critical |
| Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Due to the binary's interpretation of non-zero exit codes as successful authentication, remote attackers can bypass authentication and gain full access to the system. | ||||
| CVE-2025-34187 | 1 Ilevia | 3 Eve X1 Server, Eve X1 Server Firmware, Eve X5 Server | 2025-09-25 | 8.8 High |
| Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. Execution with sudo grants full root access, resulting in remote privilege escalation and potential system compromise. | ||||
Page 1 of 1.