Use of Default Credentials in Ilevia EVE X1 Server Firmware
CVE-2025-34516

9.3CRITICAL

Key Information:

Vendor: Ilevia Srl.
Status: Eve X1 Server
Vendor: CVE Published:; 16 October 2025

🔔 Create Ilevia Srl. Vulnerability Alert

What is CVE-2025-34516?

The Ilevia EVE X1 Server firmware versions up to 4.7.18.0.eden contains a significant vulnerability stemming from the use of default credentials. This issue allows unauthenticated attackers to gain remote access, potentially compromising sensitive data and system integrity. Ilevia has opted not to provide a patch for this vulnerability and advises customers to refrain from exposing port 8080 to the internet to mitigate risks.

Affected Version(s)

EVE X1 Server * <= 4.7.18.0.eden

References

https://www.ilevia.com/

product

https://www.vulncheck.com/advisories/ilevia-eve-x1-server...

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Gjoko Krstic of Zero Science Lab

JSON