CVE-2025-34187

Ilevia EVE X1/X5 Server version  4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. Execution with sudo grants full root access, resulting in remote privilege escalation and potential system compromise.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://packetstorm.news/files/id/209226/
https://www.ilevia.com/
https://www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-reverse-rootshell
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5959.php