CNNVD-202509-2311 Information

CNNVD ID

CNNVD-202509-2311

CVE-2025-34186

  • CNNVD Published: 2025-09-16

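Description (translated from Chinese)

Ilevia EVE X1 Server and Ilevia EVE X5 Server are both smart home and building automation products from the Italian company Ilevia. Ilevia EVE X1 Server and Ilevia EVE X5 Server versions 4.7.18.0.eden and earlier contain a security vulnerability. The vulnerability stems from unsanitized input in the authentication mechanism being passed to a system call, which may lead to authentication bypass and full access to the system.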

Description (English)

Ilevia EVE X1 Server and Ilevia EVE X5 Server are smart home and building automation servers made by the Italian company Ilevia. Versions 4.7.18.0.eden and earlier of both products contain a security vulnerability: unsanitized input in the authentication mechanism is passed to a system call, which could allow an attacker to bypass authentication and obtain full access to the system.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Ilevia

Published

2025-09-16

Last Modified

2026-02-24

References

  • https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5958.php
  • https://www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-auth-bypass
  • https://packetstorm.news/files/id/208871/
  • https://www.ilevia.com/
  • https://access.redhat.com/security/cve/cve-2025-34186
