Execution with Unnecessary Privileges in Ilevia EVE X1 Server
CVE-2025-34515

9.3CRITICAL

Key Information:

Vendor: Ilevia Srl.
Status: Eve X1 Server
Vendor: CVE Published:; 16 October 2025

🔔 Create Ilevia Srl. Vulnerability Alert

What is CVE-2025-34515?

The Ilevia EVE X1 Server firmware versions up to 4.7.18.0.eden are affected by a vulnerability in the sync_project.sh script, which permits users to gain elevated privileges up to root. As a precaution, Ilevia advises users against exposing port 8080 to the internet, as this could exploit the scripting flaw. It is essential for administrators to apply necessary security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

EVE X1 Server * <= 4.7.18.0.eden

References

https://www.ilevia.com/

product

https://www.vulncheck.com/advisories/ilevia-eve-x1-server...

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Gjoko Krstic of Zero Science Lab

JSON