CVE-2025-34516

CRITICAL

Ilevia EVE X1 Server <4.7.18.0.eden - Default Credentials

Title source: llm

Description

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

References (3)

[Product] https://www.ilevia.com/

[Third Party Advisory] https://www.vulncheck.com/advisories/ilevia-eve-x1-server-use-of-default-credentials

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5963.php

Scores

CVSS v3 9.8

EPSS 0.0017

EPSS Percentile 38.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-1392

Status published

Products (2)

ilevia/eve_x1_server_firmware < 4.7.18.0

Ilevia Srl./EVE X1 Server < 4.7.18.0.eden

Published Oct 16, 2025

Tracked Since Feb 18, 2026