Critical severity9.8NVD Advisory· Published Sep 16, 2025· Updated May 26, 2026
CVE-2025-34186
CVE-2025-34186
Description
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary interprets non-zero exit codes from system() as successful authentication, remote attackers can bypass authentication and gain full access to the system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=4.7.18.0.eden+ 1 more
- (no CPE)range: <=4.7.18.0.eden
- (no CPE)range: *
Patches
Vulnerability mechanics
References
4- packetstorm.news/files/id/208871/nvdExploitThird Party Advisory
- www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5958.phpnvdExploitThird Party Advisory
- www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-auth-bypassnvdThird Party Advisory
- www.ilevia.comnvdProduct
News mentions
0No linked articles in our index yet.