Ilevia Eve_x1_server

16 CVEs affecting Ilevia Eve_x1_server. Latest disclosed: 2025-11-25. Critical: 7, High: 7.

Top CVEs affecting Ilevia Eve_x1_server
CVESeverityScorePublishedSummary
CVE-2025-60738Critical9.82025-11-20An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before allows a remote attacker to execute arb…
CVE-2025-34516Critical9.82025-10-16Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain rem…
CVE-2025-34515Critical9.82025-10-16Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh that allows an attacke…
CVE-2025-34513Critical9.82025-10-16Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated…
CVE-2025-34186Critical9.82025-09-16Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for au…
CVE-2025-34184Critical9.82025-09-16Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers…
CVE-2025-60739Critical9.62025-11-25Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 allows a r…
CVE-2025-34514High8.82025-10-16Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that c…
CVE-2025-34187High8.82025-09-16Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If…
CVE-2025-34519High7.52025-10-16Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash fun…
CVE-2025-34518High7.52025-10-16Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_content.php that allows an attacker to read…
CVE-2025-34517High7.52025-10-16Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read…
CVE-2025-34185High7.52025-09-16Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'db_log' POST parameter. Remote attackers can…
CVE-2025-34183High7.52025-09-16Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retr…
CVE-2025-60737Medium6.12025-11-20Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version<= 4.7.18.0.eden:Logic Version<=6.00 - 2025_07_21 allows a remote attacker to execut…
CVE-2025-34512Medium6.12025-10-16Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated…