CVE-2025-34186
🔴 Patch now
An authentication bypass in the Ilevia EVE X1/X5 server allows remote access to the system.
CVSS
9.8
EPSS
0.7%
Exploit
poc
Vendor
ilevia
Source description (NVD)
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary interprets non-zero exit codes from system() as successful authentication, remote attackers can bypass authentication and gain full access to the system.
auth-bypass exploit
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.7% |
| Published (NVD) | 2025-09-16 20:15:34 UTC |
| Last modified (NVD) | 2026-05-26 14:16:27 UTC |
References
- https://packetstorm.news/files/id/208871/ (disclosure@vulncheck.com) [Exploit, Third Party Advisory]
- https://www.ilevia.com/ (disclosure@vulncheck.com) [Product]
- https://www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-auth-bypass (disclosure@vulncheck.com) [Third Party Advisory]
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5958.php (disclosure@vulncheck.com) [Exploit, Third Party Advisory]