← back
CVE-2025-34515

Ilevia EVE X1 Server 4.7.18.0.eden Root Privilege Escalation

CVSS 9.3 CRITICALEPSS 7.3%CWE-250
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Ilevia Srl. · EVE X1 Server
public PoCs found1
cve_referencewww.zeroscience.mk/en/vulnerabilities/ZSL-2025-5965.phpunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.ilevia.com/https://www.vulncheck.com/advisories/ilevia-eve-x1-server-root-priv-eschttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5965.php