Ilevia Eve X1 Server Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Ilevia Eve X1 Server Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2025-34513 — CVSS 9.8 (critical): Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that…
CVE-2025-34184 — CVSS 9.8 (critical): Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php…
CVE-2025-60738 — CVSS 9.8 (critical): An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before allows a remote…
CVE-2025-34186 — CVSS 9.8 (critical): Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to…
CVE-2025-34516 — CVSS 9.8 (critical): Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated…
CVE-2025-34515 — CVSS 9.8 (critical): Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh…
CVE-2025-60739 — CVSS 9.6 (critical): Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 -…
CVE-2025-34187 — CVSS 8.8 (high): Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of…
CVE-2025-34514 — CVSS 8.8 (high): Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple…
CVE-2025-34518 — CVSS 7.5 (high): Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_content.php that…
CVE-2025-34519 — CVSS 7.5 (high): Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords…
CVE-2025-34183 — CVSS 7.5 (high): Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated…
CVE-2025-34517 — CVSS 7.5 (high): Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that…
CVE-2025-34185 — CVSS 7.5 (high): Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'db_log' POST parameter…
CVE-2025-34512 — CVSS 6.1 (medium): Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that…
CVE-2025-60737 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version<= 4.7.18.0.eden:Logic Version<=6.00 - 2025_07_21 allows a…