CVE-2025-34186
CriticalSummary
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing.
Risk Assessment
Attackers can bypass authentication and gain full access to the system, posing a serious security threat to the organization.
Recommendation
It is recommended to update the server to a version that does not contain this vulnerability and implement additional security measures to protect against unauthorized access.
Original NVD description (English source)
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary interprets non-zero exit codes from system() as successful authentication, remote attackers can bypass authentication and gain full access to the system.

