CVE-2025-34516
BaseFortify
Publication date: 2025-10-16
Last updated on: 2025-11-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ilevia | eve_x1_server_firmware | to 4.7.18.0 (inc) |
| ilevia | eve_x1_server | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1392 | The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Ilevia EVE X1 Server firmware versions up to 4.7.18.0.eden and involves the use of default credentials. It allows an unauthenticated attacker to gain remote access to the server, potentially compromising the system without needing any prior authentication.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to remotely access the affected server without authentication, which could lead to unauthorized control, data theft, or disruption of services. Since the attacker does not need credentials, the risk of compromise is high if the vulnerable server is exposed, especially on port 8080.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, do not expose port 8080 of the Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden to the internet, as recommended by Ilevia. Since the vendor has declined to service this vulnerability, restricting external access to the affected service is the primary mitigation step.