Lucene search

19 matches found

Cvelist
added 2025/11/20 12:00 a.m. | 10 views

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 and before, allows a remote attacker to execute arbitrary code via the ping.php component, which does not perform secure filtering on IP parameters...

EPSS: 0.00896
Exploits: 2 | References: 1

Zero Science Lab
added 2025/11/13 12:00 a.m. | 164 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated Remote Command Injections

Summary: EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

CVSS: 8.8 | AI score: 6 | EPSS: 0.02071
Exploits: 3

Zero Science Lab
added 2025/11/06 12:00 a.m. | 203 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm

Summary: EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.0028
Exploits: 2

Packet Storm
added 2025/10/17 12:00 a.m. | 150 views

Ilevia EVE X1 Server 4.7.18.0.eden Cross Site Scripting

Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from a reflective cross site scripting vulnerability. Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Reflected XSS Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected version: =4.7.18.0.eden Summary: EVE is a smart...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.00374
Exploits: 3

Vulnrichment
added 2025/10/16 5:56 p.m. | 3 views

CVE-2025-34517 Ilevia EVE X1 Server 4.7.18.0.eden Absolute Path Traversal

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

CVSS: 8.7 | AI score: 6.5 | EPSS: 0.00604
Exploits: 3 | References: 3

ATTACKERKB
added 2025/10/16 5:55 p.m. | 4 views

CVE-2025-34512

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary script in the victim's browser. Ilevia has declined to service this vulnerability, and recommends that...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00374
Exploits: 3 | References: 4

Cvelist
added 2025/10/16 5:55 p.m. | 15 views

CVE-2025-34518 Ilevia EVE X1 Server 4.7.18.0.eden Relative Path Traversal

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

CVSS: 8.7 | EPSS: 0.00604
Exploits: 3 | References: 3

ATTACKERKB
added 2025/10/16 5:55 p.m. | 4 views

CVE-2025-34518

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.00604
Exploits: 3 | References: 4

CVE
added 2025/10/16 5:54 p.m. | 11 views

CVE-2025-34515

The CVE-2025-34515 entry concerns Ilevia EVE X1/X5 Server firmware ≤ 4.7.18.0.eden where a misconfigured or vulnerable sync_project.sh script enables an attacker to escalate privileges to root. Publicly reported details from multiple sources (PacketStorm PoC references for Ilevia EVE X1/X5 Server...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.07285
Exploits: 3 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/10/16 5:53 p.m. | 3 views

CVE-2025-34513 Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Command Injection

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbusbuildfromcsv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...

CVSS: 9.3 | AI score: 7.9 | EPSS: 0.07679
Exploits: 3 | References: 3

CNNVD
added 2025/10/16 12:00 a.m. | 3 views

Ilevia EVE X1 Server Security Vulnerability

Ilevia EVE X1 Server is a smart home and building automation solution from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server 4.7.18.0.eden and prior versions, which stems from a reflected cross-site scripting vulnerability in index.php that could lead to the execution of arbitrary cod...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00374
Exploits: 3 | References: 4

CNNVD
added 2025/10/16 12:00 a.m. | 4 views

Ilevia EVE X1 Server Security Vulnerability

Ilevia EVE X1 Server is a smart home and building automation solution from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server version 4.7.18.0.eden and prior versions, which stems from the use of default credentials and could lead to unauthorized remote access...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.00533
Exploits: 2 | References: 3

CNNVD
added 2025/10/16 12:00 a.m. | 3 views

Ilevia EVE X1 Server Security Vulnerability

Ilevia EVE X1 Server is a smart home and building automation solution from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server 4.7.18.0.eden and earlier versions, which stems from the presence of a relative path traversal in getfilecontent.php, which could lead to reading arbitrary file...

CVSS: 8.7 | AI score: 6.7 | EPSS: 0.00604
Exploits: 3 | References: 4

RedhatCVE
added 2025/09/18 8:29 p.m. | 3 views

CVE-2025-34183

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential...

CVSS: 9.3 | AI score: 7.3 | EPSS: 0.0066
Exploits: 2 | References: 1

OSV
added 2025/09/16 8:15 p.m. | 1 view

CVE-2025-34186

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system call for authentication, allowing attackers to inject special characters and manipulate command parsing. Due to the binary's interpretation of non-zero...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00829
Exploits: 2 | References: 4

NVD
added 2025/09/16 8:15 p.m. | 3 views

CVE-2025-34183

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential...

CVSS: 9.3 | EPSS: 0.0066
Exploits: 2 | References: 4

ATTACKERKB
added 2025/09/16 7:45 p.m. | 2 views

CVE-2025-34186

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary interprets non-zero exit...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00829
Exploits: 2 | References: 4

CNNVD
added 2025/09/16 12:00 a.m. | 3 views

Ilevia EVE X1 Server Security Vulnerability

Ilevia EVE X1 Server is a smart home and building automation solution from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server version 4.7.18.0.eden and prior versions, which stems from a server-side logging mechanism that exposes clear-text credentials, which could lead to authenticati...

CVSS: 9.3 | AI score: 6.7 | EPSS: 0.0066
Exploits: 2 | References: 5

CNNVD
added 2025/09/16 12:00 a.m. | 3 views

Ilevia EVE X1 Server and Ilevia EVE X5 Server Security Vulnerability

Ilevia EVE X1 Server and Ilevia EVE X5 Server are both smart home and building automation solutions from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server and Ilevia EVE X5 Server versions 4.7.18.0.eden and earlier, which stems from a misconfigured sudoers file and could lead to remo...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.03187
Exploits: 2 | References: 5