CVE-2025-34516 | THREATINT

Description

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

PUBLISHED Reserved 2025-04-15 | Published 2025-10-16 | Updated 2025-10-16 | Assigner VulnCheck

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-1392 Use of Default Credentials

Product status

Default status

unknown

affected

Credits

Gjoko Krstic of Zero Science Lab finder

References

www.ilevia.com/ product

www.vulncheck.com/...ve-x1-server-use-of-default-credentials third-party-advisory

cve.org (CVE-2025-34516)

nvd.nist.gov (CVE-2025-34516)

Download JSON