CNNVD-202509-2310 Information

Sep 16, 2025 cve

CNNVD ID

CNNVD-202509-2310

CVE-2025-34184

CNNVD Published: 2025-09-16

Description (Chinese)

Ilevia EVE X1 Server是意大利Ilevia公司的一款智能家居与楼宇自动化。 Ilevia EVE X1 Server 4.7.18.0.eden及之前版本存在安全漏洞，该漏洞源于/ajax/php/login.php脚本中存在未经验证的OS命令注入，可能导致执行任意系统命令或拒绝服务。

Description (English)

Ilevia EVE X1 Server is an intelligent home and building automation for Ilevia in Italy. Ilevia EVE X1 Server 4.7.18.0.eden and previous versions had a security loophole, which stemmed from the presence of unverified OS orders injected into the /ajax/php/login.php script, which could lead to arbitrary system orders or denial of services.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Ilevia

Published

2025-09-16

Last Modified

2026-02-24

References

https://packetstorm.news/files/id/207717/ https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5956.php https://www.vulncheck.com/advisories/ilevia-eve-x1-server-neuro-code-unauth-code-injection https://www.ilevia.com/ https://access.redhat.com/security/cve/cve-2025-34184

Share on: