CVE-2025-34184
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-09-25

Assigner: VulnCheck

Description
Ilevia EVE X1 Server version ≀ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or denial of service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-16
Last Modified
2025-09-25
Generated
2026-06-16
AI Q&A
2025-09-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-34184
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ilevia eve_x1_server_firmware to 4.7.18.0 (inc)
ilevia eve_x1_server *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-34184 is an unauthenticated OS command injection vulnerability in the Ilevia EVE X1 Server version 4.7.18.0.eden. It exists in the /ajax/php/login.php script, where an attacker can inject malicious commands through the 'passwd' HTTP POST parameter without needing to authenticate. This allows the attacker to execute arbitrary system commands on the server remotely. [1, 2]

Impact Analysis

This vulnerability can lead to full system compromise or denial of service on the affected server. An attacker can gain complete control over the system, potentially disrupting the management of electrical installations and building automation functions, which could affect residential, commercial, or industrial environments relying on the server. [1, 2]

Detection Guidance

Detection can involve monitoring HTTP POST requests to the /ajax/php/login.php endpoint for suspicious payloads in the 'passwd' parameter that may indicate command injection attempts. Network intrusion detection systems (NIDS) can be configured to alert on unusual or shell command patterns in this parameter. Additionally, reviewing server logs for unexpected command execution or anomalies related to login.php may help. Specific commands are not provided in the resources. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable /ajax/php/login.php script, implementing network-level controls such as firewall rules to limit exposure, and monitoring for exploitation attempts. Since no official patch or fix has been provided by the vendor, consider isolating the affected server from untrusted networks and disabling the vulnerable service if possible. Applying strict input validation or web application firewall (WAF) rules to block malicious payloads targeting the 'passwd' parameter can also help reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34184. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart