CVE-2025-34187

Name: CVE-2025-34187
Creator: NVD / NIST
Published: 2025-09-16T20:15:34.86+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.3/10EPSS 3.19%

Last modified Jun 17, 2026

CVE-2025-34187 is a critical-severity vulnerability rated 9.3/10 on the CVSS scale. Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. EPSS estimates a 3.19% chance of exploitation in the next 30 days.

Description

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. Execution with sudo grants full root access, resulting in remote privilege escalation and potential system compromise.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0

9.3/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

3.19%

86.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Ilevia	Eve X1 Server Firmware	<= 4.7.18.0

References

https://packetstorm.news/files/id/209226/Exploit, Permissions Required, Third Party Advisory
https://www.ilevia.com/Product
https://www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-reverse-rootshellThird Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5959.phpExploit, Third Party Advisory

Timeline

Published: Sep 16, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-34187?

How severe is CVE-2025-34187?

CVE-2025-34187 has a CVSS score of 9.3/10 (CRITICAL severity). The EPSS model estimates a 3.19% probability of exploitation in the next 30 days.

How do I fix CVE-2025-34187?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-34187?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST