CNNVD-202512-893 Information

Dec 08, 2025 cve

CNNVD ID

CNNVD-202512-893

CVE-2025-14276

CNNVD Published: 2025-12-08

Description (Chinese)

Ilevia EVE X1 Server是意大利Ilevia公司的一款智能家居与楼宇自动化。 Ilevia EVE X1 Server 4.6.5.0.eden及之前版本存在命令注入漏洞，该漏洞源于对文件/ajax/php/leaf_search.php中参数line的错误操作，可能导致命令注入攻击。

Description (English)

Ilevia EVE X1 Server is an intelligent home and building automation for Ilevia in Italy. Ilevia EVE X1 Server 4.6.5.0.eden and previous versions had a command-injecting loophole, which resulted from the incorrect operation of the parameter line in the document/ajax/php/leaf search.php, which could lead to an order-injection attack.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

Ilevia

Published

2025-12-08

Last Modified

2026-02-24

References

https://vuldb.com/?id.334802 https://www.yuque.com/yuqueyonghuexlgkz/zepczx/ahygt5u6sgqpk5tt?singleDoc https://vuldb.com/?submit.702649 https://vuldb.com/?ctiid.334802 https://access.redhat.com/security/cve/cve-2025-14276

Share on: