Ilevia Eve_x1_server
16 CVEs affecting Ilevia Eve_x1_server. Latest disclosed: 2025-11-25. Critical: 7, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-60738 | Critical | 9.8 | 2025-11-20 | An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before allows a remote attacker to execute arb… |
| CVE-2025-34516 | Critical | 9.8 | 2025-10-16 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain rem… |
| CVE-2025-34515 | Critical | 9.8 | 2025-10-16 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh that allows an attacke… |
| CVE-2025-34513 | Critical | 9.8 | 2025-10-16 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated… |
| CVE-2025-34186 | Critical | 9.8 | 2025-09-16 | Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for au… |
| CVE-2025-34184 | Critical | 9.8 | 2025-09-16 | Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers… |
| CVE-2025-60739 | Critical | 9.6 | 2025-11-25 | Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 allows a r… |
| CVE-2025-34514 | High | 8.8 | 2025-10-16 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that c… |
| CVE-2025-34187 | High | 8.8 | 2025-09-16 | Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If… |
| CVE-2025-34519 | High | 7.5 | 2025-10-16 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash fun… |
| CVE-2025-34518 | High | 7.5 | 2025-10-16 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_content.php that allows an attacker to read… |
| CVE-2025-34517 | High | 7.5 | 2025-10-16 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read… |
| CVE-2025-34185 | High | 7.5 | 2025-09-16 | Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'db_log' POST parameter. Remote attackers can… |
| CVE-2025-34183 | High | 7.5 | 2025-09-16 | Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retr… |
| CVE-2025-60737 | Medium | 6.1 | 2025-11-20 | Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version<= 4.7.18.0.eden:Logic Version<=6.00 - 2025_07_21 allows a remote attacker to execut… |
| CVE-2025-34512 | Medium | 6.1 | 2025-10-16 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated… |