Unrated severityNVD Advisory· Published Oct 16, 2025· Updated Mar 23, 2026
Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Command Injection
CVE-2025-34513
Description
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<= 4.7.18.0.eden+ 1 more
- (no CPE)range: <= 4.7.18.0.eden
- (no CPE)range: *
Patches
Vulnerability mechanics
References
3- www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5962.phpmitretechnical-descriptionexploit
- www.vulncheck.com/advisories/ilevia-eve-x1-server-unauth-command-injectionmitrethird-party-advisory
- www.ilevia.commitreproduct
News mentions
0No linked articles in our index yet.