Cyber Posture

CVE-2025-34514

Severity: High · Public PoC

Published: 16 October 2025
Modified: 25 November 2025
KEV Added:
Patch:
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0030 (52.8th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may abuse Unix shell commands and scripts for execution.

Security Summary

CVE-2025-34514 is an authenticated OS command injection vulnerability (CWE-78) in Ilevia EVE X1 Server firmware versions up to and including 4.7.18.0.eden. The flaw exists in multiple web-accessible PHP scripts that invoke the exec() function, allowing injection of arbitrary commands.

An attacker with valid low-privilege authentication (PR:L) and network access (AV:N) can exploit the vulnerability with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation enables execution of arbitrary operating system commands on the server, resulting in high impacts to confidentiality, integrity, and availability (CVSSv3.1 base score of 8.8, unchanged scope).

Ilevia has declined to service or patch this vulnerability and advises customers not to expose port 8080 to the internet. Further technical details are documented in advisories from VulnCheck and Zero Science Labs.
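The summary above names the weakness class (CWE-78 via PHP's exec()) but not the affected code, which Ilevia has not published. The following is an added illustration of that class and its remediation, written for this page and not taken from Ilevia's firmware or from the VulnCheck or Zero Science Labs advisories; the "host" parameter and the ping use case are hypothetical.

```php
<?php
// Added example (hypothetical code, not Ilevia's): CWE-78 in a PHP handler
// that builds a shell command from request input, beside a hardened version.

// Vulnerable pattern: the request value is concatenated into the string that
// exec() hands to /bin/sh, so any shell metacharacter in it (for example ';')
// ends the ping command and starts a second one chosen by the requester.
function ping_vulnerable(string $host): array
{
    exec("ping -c 1 " . $host, $output, $status);
    return $output;
}

// Hardened pattern: validate against a strict allow-list first, then quote.
function ping_hardened(string $host): array
{
    // Accept only a hostname or IPv4 literal; this alone rejects every shell
    // metacharacter, so the quoting below is defence in depth.
    if (!preg_match('/^[A-Za-z0-9.-]{1,253}$/', $host)) {
        throw new InvalidArgumentException('invalid host');
    }
    // escapeshellarg() wraps the value in single quotes and escapes any
    // embedded quote, so the shell treats the whole value as one literal word.
    exec('ping -c 1 ' . escapeshellarg($host), $output, $status);
    if ($status !== 0) {
        throw new RuntimeException('ping failed with status ' . $status);
    }
    return $output;
}

// Usage (hypothetical endpoint): a crafted value is refused with HTTP 400
// instead of reaching the shell.
try {
    $lines = ping_hardened($_GET['host'] ?? '');
    header('Content-Type: text/plain');
    echo implode("\n", $lines), "\n";
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo "bad request\n";
}
```

For detection on an appliance like this one, the same property is what to look for in the source: calls to exec(), shell_exec(), system(), passthru() or backticks whose argument is built from $_GET, $_POST or $_REQUEST without an allow-list check and escapeshellarg(). Because the page's CVSS vector already requires valid credentials (PR:L), access logs showing authenticated requests to these scripts with shell metacharacters in their parameters are the corresponding runtime signal.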

Details

CWE(s)
CWE-78

Affected Products

Ilevia EVE X1 Server firmware, versions ≤ 4.7.18.0

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

The vulnerability is an authenticated OS command injection in web-accessible PHP scripts using exec(), enabling exploitation of a public-facing application (T1190) to execute arbitrary Unix shell commands (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
