CVE-2025-34515
BaseFortify
Publication date: 2025-10-16
Last updated on: 2025-11-06
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ilevia | eve_x1_server_firmware | up to 4.7.18.0 (inclusive) |
| ilevia | eve_x1_server | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Ilevia EVE X1 Server firmware versions up to 4.7.18.0.eden. The sync_project.sh script executes with unnecessary privileges, which allows an attacker to escalate to root and gain full control over the system.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can gain root privileges on the affected server, potentially leading to full system compromise, unauthorized access to sensitive data, disruption of services, and further attacks within the network.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, follow Ilevia's recommendation not to expose port 8080 to the internet. Since the vendor has declined to service this vulnerability, restricting network exposure is the primary mitigation step.