Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell_CVE-2025-34187

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. Execution with sudo grants full root access, resulting in remote privilege escalation and potential system compromise.

Basic Information

ID CVE-2025-34187

Source VulnCheck

Published Sep 16, 2025 at 19:45

Modified Sep 16, 2025 at 20:24

Affected Product

Vendor Ilevia Srl.

Product EVE X1/X5 Server

Version *

Affected Versions Ilevia Srl. EVE X1/X5 Server *

CWE Classification

CWE-269 CWE-78

References

{
    "lastseen": "",
    "description": "Ilevia EVE X1/X5 Server version \u2264 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. Execution with sudo grants full root access, resulting in remote privilege escalation and potential system compromise.",
    "published": "2025-09-16T19:45:42.015Z",
    "modified": "2025-09-16T20:24:31.801Z",
    "type": "cve",
    "title": "Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell",
    "source": "VulnCheck",
    "references": "https://www.ilevia.com/\nhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5959.php\nhttps://packetstorm.news/files/id/209226/\nhttps://www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-reverse-rootshell",
    "id": "CVE-2025-34187",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269",
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Ilevia Srl. EVE X1/X5 Server *",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EVE X1/X5 Server",
    "version": "*",
    "vendor": "Ilevia Srl.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}