CVE-2025-34186
Ilevia EVE X1/X5 Server 4.7.18.0.eden Authentication Bypass
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Due to the binary's interpretation of non-zero exit codes as successful authentication, remote attackers can bypass authentication and gain full access to the system.
| CWE | CWE-287 CWE-78 |
| Vendor | ilevia srl. |
| Product | eve x1/x5 server |
| Published | Sep 16, 2025 |
| Last Updated | Mar 23, 2026 |
Affected Versions
Ilevia Srl. / EVE X1/X5 Server
* ≤ 4.7.18.0.eden (Logic version: 6.00)
Credits
Gjoko Krstic of Zero Science Lab