VYPR
Unrated severityNVD Advisory· Published Sep 16, 2025· Updated Mar 23, 2026

Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauthenticated Code Injection

CVE-2025-34184

Description

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.