CVE Catalog

CVE-2025-34186

Critical
Published: Translated: NVD NIST

Summary

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing.

Risk Assessment

Attackers can bypass authentication and gain full access to the system, posing a serious security threat to the organization.

Recommendation

It is recommended to update the server to a version that does not contain this vulnerability and implement additional security measures to protect against unauthorized access.

Original NVD description (English source)

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary interprets non-zero exit codes from system() as successful authentication, remote attackers can bypass authentication and gain full access to the system.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS