CVE-2025-14276
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-08

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized. Upgrading the affected component is recommended. The vendor confirms the issue and recommends: "We already know that issue and on most devices are already solved, also it’s not needed to open the port to outside world so we advised our customer to close it".
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-08
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-12-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14276
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ilevia eve_x1_server 4.6.5.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Ilevia EVE X1 Server up to version 4.6.5.0.eden, specifically in an unknown function within the file /ajax/php/leaf_search.php. It involves manipulation of an argument line that leads to command injection, allowing an attacker to execute arbitrary commands remotely. The attack requires a high degree of complexity and is considered difficult to exploit. The vendor acknowledges the issue and recommends closing the port to the outside world to mitigate the risk.

Impact Analysis

This vulnerability can allow a remote attacker to execute arbitrary commands on the affected server, potentially leading to unauthorized access, data compromise, or disruption of services. Because it involves command injection, it can impact the confidentiality, integrity, and availability of the system. However, the attack is difficult to perform and requires complex conditions.

Mitigation Strategies

The vendor recommends upgrading the affected component to a version where the issue is resolved. Additionally, it is advised to close the port to the outside world to prevent remote attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14276. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart