CVE-2025-34516
Published: 16 October 2025
Description
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Security Summary
CVE-2025-34516 is a use-of-default-credentials vulnerability (CWE-1392) in Ilevia EVE X1 Server firmware versions up to and including 4.7.18.0.eden. It allows an unauthenticated attacker to gain remote access to affected devices and carries a critical CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Any unauthenticated attacker with network access to the server, specifically to the service on port 8080, can exploit this vulnerability with low attack complexity and without privileges or user interaction. Successful exploitation grants remote access and a high impact on confidentiality, integrity, and availability, for example executing arbitrary commands, modifying configurations, or disrupting device operations.
Advisories from sources including VulnCheck and Zero Science Lab indicate that Ilevia has declined to service or patch this vulnerability. The vendor recommends that customers avoid exposing port 8080 to the internet as the sole mitigation strategy.
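Because no vendor patch exists, the practical response is inventory-driven: find every EVE X1 Server whose firmware falls in the affected range and check whether its port 8080 is reachable from outside the management network. The script below is an added example written for this page; it is not code from Ilevia, VulnCheck, or Zero Science Lab. The inventory format, host names, network zones, and the firmware versions other than 4.7.18.0.eden are constructed assumptions for illustration.

```python
"""Triage an asset inventory for CVE-2025-34516 exposure.

Flags Ilevia EVE X1 Server devices whose firmware is <= 4.7.18.0.eden (the last
affected version named in the advisory) and reports which of them expose port
8080 beyond the management network.  Added example; all inventory rows are
constructed sample data, not real devices.
"""
from typing import Dict, List, Tuple

# Last affected firmware version stated in the advisory.
LAST_AFFECTED = "4.7.18.0.eden"
# Port the vendor advises keeping off the internet.
SERVICE_PORT = 8080
AFFECTED_PRODUCT = "Ilevia EVE X1 Server"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '4.7.18.0.eden' into (4, 7, 18, 0).

    Only the leading numeric dot-separated components are compared; a trailing
    non-numeric build tag such as 'eden' is ignored because the advisory gives
    it no ordering meaning.  Raises ValueError when no numeric part is present.
    """
    parts: List[int] = []
    for piece in version.strip().split("."):
        if piece.isdigit():
            parts.append(int(piece))
        else:
            break  # stop at the first non-numeric tag
    if not parts:
        raise ValueError(f"unparseable firmware version: {version!r}")
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when version <= LAST_AFFECTED, comparing numeric components.

    Shorter tuples are zero-padded so that '4.7' compares as '4.7.0.0'.
    """
    a, b = parse_version(version), parse_version(LAST_AFFECTED)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a <= b


def triage(inventory: List[Dict]) -> List[Dict]:
    """Return one finding per affected EVE X1 Server, noting internet exposure.

    Each inventory row is assumed (constructed format) to carry:
      host      - device name
      product   - product string as recorded by the asset system
      firmware  - firmware version string
      listeners - list of (port, zone) pairs, zone in {"internet", "management"}
    """
    findings = []
    for dev in inventory:
        if dev["product"] != AFFECTED_PRODUCT or not is_affected(dev["firmware"]):
            continue
        exposed = any(port == SERVICE_PORT and zone == "internet"
                      for port, zone in dev["listeners"])
        findings.append({
            "host": dev["host"],
            "firmware": dev["firmware"],
            "port_8080_internet_exposed": exposed,
            "action": ("isolate now: port 8080 reachable from the internet"
                       if exposed else
                       "keep port 8080 restricted to the management network; "
                       "no vendor patch is available"),
        })
    return findings


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    {"host": "eve-lobby", "product": AFFECTED_PRODUCT, "firmware": "4.7.18.0.eden",
     "listeners": [(8080, "internet")]},
    {"host": "eve-plant", "product": AFFECTED_PRODUCT, "firmware": "4.5.2.0.eden",
     "listeners": [(8080, "management")]},
    {"host": "eve-lab", "product": AFFECTED_PRODUCT, "firmware": "4.7.18.1.eden",  # hypothetical newer build
     "listeners": [(8080, "internet")]},
    {"host": "switch-core", "product": "Generic L3 Switch", "firmware": "1.2.0",
     "listeners": [(22, "management")]},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding)
```

The version comparison deliberately treats the "eden" tag as opaque and stops at it; if a later advisory assigns meaning to the suffix, `parse_version` is the one place to change. Devices on a hypothetical version above 4.7.18.0 are not flagged, since the page only names that range as affected.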
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A default-credentials vulnerability in a public-facing server (port 8080) enables initial access via T1190 (Exploit Public-Facing Application) and T1078.001 (Valid Accounts: Default Accounts).