📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation

A critical privilege escalation vulnerability exists in Ilevia EVE X1/X5 Server versions 4.7.18.0.eden and below. This is a proof of concept exploit written in PHP...

Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated Remote Command Injections

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

Ilevia EVE X1/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

CVE-2025-34187

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

CVE-2025-34186 Ilevia EVE X1/X5 Server 4.7.18.0.eden Authentication Bypass

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary interprets non-zero exit...

PT-2025-38077

Name of the Vulnerable Software and Affected Versions: Ilevia EVE X1/X5 Server versions prior to 4.7.18.0.eden Description: Ilevia EVE X1/X5 Server contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-faci...

Ilevia EVE X1 Server和Ilevia EVE X5 Server 安全漏洞

Ilevia EVE X1 Server and Ilevia EVE X5 Server are both a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server and Ilevia EVE X5 Server versions 4.7.18.0.eden and earlier, which stems from a misconfigured sudoers file and could lead to remo...

Ilevia EVE X1 Server和Ilevia EVE X5 Server 安全漏洞

Ilevia EVE X1 Server and Ilevia EVE X5 Server are both a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server and Ilevia EVE X5 Server versions 4.7.18.0.eden and earlier, which stems from uncleaned inputs in the authentication mechanism...

PT-2025-38076

Name of the Vulnerable Software and Affected Versions Ilevia EVE X1/X5 Server versions prior to 4.7.18.0.eden Description The Ilevia EVE X1/X5 Server authentication mechanism has a flaw where unsanitized input is passed to a system call during authentication. This allows attackers to inject speci...