CVE-2025-34184
BaseFortify
Publication date: 2025-09-16
Last updated on: 2025-09-25
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ilevia | eve_x1_server_firmware | to 4.7.18.0 (inc) |
| ilevia | eve_x1_server | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34184 is an unauthenticated OS command injection vulnerability in the Ilevia EVE X1 Server version 4.7.18.0.eden. It exists in the /ajax/php/login.php script, where an attacker can inject malicious commands through the 'passwd' HTTP POST parameter without needing to authenticate. This allows the attacker to execute arbitrary system commands on the server remotely. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to full system compromise or denial of service on the affected server. An attacker can gain complete control over the system, potentially disrupting the management of electrical installations and building automation functions, which could affect residential, commercial, or industrial environments relying on the server. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve monitoring HTTP POST requests to the /ajax/php/login.php endpoint for suspicious payloads in the 'passwd' parameter that may indicate command injection attempts. Network intrusion detection systems (NIDS) can be configured to alert on unusual or shell command patterns in this parameter. Additionally, reviewing server logs for unexpected command execution or anomalies related to login.php may help. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable /ajax/php/login.php script, implementing network-level controls such as firewall rules to limit exposure, and monitoring for exploitation attempts. Since no official patch or fix has been provided by the vendor, consider isolating the affected server from untrusted networks and disabling the vulnerable service if possible. Applying strict input validation or web application firewall (WAF) rules to block malicious payloads targeting the 'passwd' parameter can also help reduce risk. [1]