CVE-2025-34184

Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauthenticated Code Injection

Description

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or denial of service.

INFO

Published Date :

2025-09-16T19:40:41.665Z

Last Modified :

2025-09-16T19:40:41.665Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2025-34184 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-34184.

URL	Resource
https://packetstorm.news/files/id/207717/
https://www.ilevia.com/
https://www.vulncheck.com/advisories/ilevia-eve-x1-server-neuro-code-unauth-code-injection
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5956.php

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability