VYPR
Unrated severityNVD Advisory· Published Oct 16, 2025· Updated Mar 23, 2026

Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Command Injection

CVE-2025-34513

Description

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.