CVE-2025-34513

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

14.5%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

Technical Details

Published
10/16/2025

Frequently Asked Questions

What is CVE-2025-34513?

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

Is CVE-2025-34513 actively exploited?

Active exploitation of CVE-2025-34513 has not been confirmed. The EPSS score is 14.5%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2025-34513?

CVE-2025-34513 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2025-34513 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.