Unrated severityNVD Advisory· Published Sep 16, 2025· Updated Mar 23, 2026

Ilevia EVE X1/X5 Server 4.7.18.0.eden Authentication Bypass

CVE-2025-34186

Description

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Due to the binary's interpretation of non-zero exit codes as successful authentication, remote attackers can bypass authentication and gain full access to the system.

Affected products

Ilevia Srl./Eve X1/x5 Serverllm-fuzzy2 versions
<=4.7.18.0.eden+ 1 more
- (no CPE)range: <=4.7.18.0.eden
- (no CPE)range: *

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstorm.news/files/id/208871/mitreexploit
www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5958.phpmitretechnical-descriptionexploit
www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-auth-bypassmitrethird-party-advisory
www.ilevia.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000