Security Advisory

CVE-2025-34514

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-16 17:56:16

Last updated 2026-05-15 11:15:44

Assigner VulnCheck

State PUBLISHED

Description

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec() and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

← Browse all CVEs View on cve.org ↗