Ilevia

Eve X1 Server Firmware

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2025-14276

Exploit
  • EPSS 1.95%
  • Veröffentlicht 08.12.2025 21:32:08
  • Zuletzt bearbeitet 24.02.2026 06:16:20

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A...

9.6

CVE-2025-60739

Exploit
  • EPSS 0.11%
  • Veröffentlicht 25.11.2025 00:00:00
  • Zuletzt bearbeitet 30.12.2025 17:04:56

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /bh_web_backend component

6.1

CVE-2025-60737

Exploit
  • EPSS 0.1%
  • Veröffentlicht 20.11.2025 00:00:00
  • Zuletzt bearbeitet 12.12.2025 15:32:10

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version<= 4.7.18.0.eden:Logic Version<=6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /index.php component

9.8

CVE-2025-60738

Exploit
  • EPSS 0.55%
  • Veröffentlicht 20.11.2025 00:00:00
  • Zuletzt bearbeitet 15.01.2026 18:57:44

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters

7.5

CVE-2025-34517

Exploit
  • EPSS 0.09%
  • Veröffentlicht 16.10.2025 17:56:53
  • Zuletzt bearbeitet 23.10.2025 19:16:38

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that cu...

8.8

CVE-2025-34514

  • EPSS 0.53%
  • Veröffentlicht 16.10.2025 17:56:16
  • Zuletzt bearbeitet 25.11.2025 17:15:49

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec() and allow an authenticated attacker to execute arbitrary commands. Ilevia has de...

7.5

CVE-2025-34519

  • EPSS 0.02%
  • Veröffentlicht 16.10.2025 17:55:50
  • Zuletzt bearbeitet 06.11.2025 19:15:41

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attack...

6.1

CVE-2025-34512

Exploit
  • EPSS 0.17%
  • Veröffentlicht 16.10.2025 17:55:29
  • Zuletzt bearbeitet 23.10.2025 19:33:42

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and...

7.5

CVE-2025-34518

Exploit
  • EPSS 0.09%
  • Veröffentlicht 16.10.2025 17:55:00
  • Zuletzt bearbeitet 23.10.2025 19:13:59

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that cus...

9.8

CVE-2025-34515

  • EPSS 0.16%
  • Veröffentlicht 16.10.2025 17:54:36
  • Zuletzt bearbeitet 06.11.2025 19:15:41

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service this vulnerability, and re...