cvedb.io
CVE-2025-34187
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2025-09-16T20:15:34.860 · Last modified 2026-06-17T09:13:36.917

Summary

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. Execution with sudo grants full root access, resulting in remote privilege escalation and potential system compromise.

Affected products

ilevia — eve_x1_server_firmware

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.