PT-2025-38077 · Ilevia · Ilevia Eve X1/X5 Server
Gjoko Krstic · Published 2025-09-16 · Updated 2025-09-25
CVE-2025-34187
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Ilevia EVE X1/X5 Server versions prior to 4.7.18.0.eden
Description
The software contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. Execution with sudo grants full root access, potentially leading to remote privilege escalation and system compromise.
Recommendations
Update Ilevia EVE X1/X5 Server to version 4.7.18.0.eden or later.
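An added example, not code from Ilevia or from this advisory: a Python audit for the condition in the Description, listing NOPASSWD sudoers commands whose script file or containing directory a non-root user could modify. The sudoers parser is simplified, and the `www-data` rule and script names in `demo()` are constructed sample data.

```python
import os
import re
import stat
import tempfile

NOPASSWD_RE = re.compile(r"NOPASSWD:\s*(.+)$")

def nopasswd_commands(sudoers_text):
    """Absolute command paths granted with NOPASSWD (aliases, includes, continuations not handled)."""
    paths = []
    for line in sudoers_text.splitlines():
        match = NOPASSWD_RE.search(line.split("#", 1)[0].strip())
        if match:
            for command in match.group(1).split(","):
                words = command.split()
                if words and words[0].startswith("/"):
                    paths.append(words[0])
    return paths

def weak_reason(path, trusted_uids=(0,)):
    """Why an untrusted user could replace `path`, or None if nothing was found."""
    target = os.path.realpath(path)
    for item in (target, os.path.dirname(target)):
        try:
            info = os.stat(item)
        except FileNotFoundError:
            continue  # missing script: whoever can write its directory can create it
        if info.st_uid not in trusted_uids:
            return f"{item} is owned by uid {info.st_uid}"
        if info.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return f"{item} is group/other-writable (mode {stat.S_IMODE(info.st_mode):o})"
    return None

def audit(sudoers_text, trusted_uids=(0,)):
    """Map each replaceable NOPASSWD command path to the reason it is risky."""
    checked = ((p, weak_reason(p, trusted_uids)) for p in nopasswd_commands(sudoers_text))
    return {path: reason for path, reason in checked if reason}

def demo():
    """Constructed sample: a 0755 and a 0777 script in a private temp directory."""
    folder = tempfile.mkdtemp()
    for name, mode in (("safe.sh", 0o755), ("loose.sh", 0o777)):
        with open(os.path.join(folder, name), "w") as handle:
            handle.write("#!/bin/bash\n")
        os.chmod(os.path.join(folder, name), mode)
    rule = f"www-data ALL=(root) NOPASSWD: {folder}/safe.sh, {folder}/loose.sh"  # constructed rule
    return folder, audit(rule, trusted_uids=(0, os.getuid()))  # test user counts as trusted here

if __name__ == "__main__":
    print(demo()[1])
```

On a real host, pass the contents of `/etc/sudoers` and the files under `/etc/sudoers.d/` to `audit()` with the default `trusted_uids=(0,)`; any path it returns is a script that sudo will run as root but that someone other than root can rewrite.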
Exploit
Fix
LPE
Improper Privilege Management
OS Command Injection
Affected Products
Ilevia Eve X1/X5 Server