Medium severity6.1NVD Advisory· Published Oct 16, 2025· Updated May 26, 2026
CVE-2025-34512
CVE-2025-34512
Description
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in the victim's browser. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=4.7.18.0.eden+ 1 more
- (no CPE)range: <=4.7.18.0.eden
- (no CPE)range: *
Patches
Vulnerability mechanics
References
3- www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5961.phpnvdExploitThird Party Advisory
- www.vulncheck.com/advisories/ilevia-eve-x1-server-reflected-xssnvdThird Party Advisory
- www.ilevia.comnvdProduct
News mentions
0No linked articles in our index yet.