PT-2025-42500 · Unknown · Ilevia Eve X1
Gjoko Krstic
·
Published
2025-10-16
·
Updated
2026-05-26
·
CVE-2025-34512
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Ilevia EVE X1 Server firmware versions through 4.7.18.0.eden
Description
The software contains a reflected cross-site scripting (XSS) issue in the
index.php file. An unauthenticated attacker can leverage this to execute arbitrary code. The vendor has declined to address this issue and advises against exposing port 8080 to the internet.Recommendations
Do not expose port 8080 to the internet.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ilevia Eve X1