{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-34516","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-04-15T19:15:22.612Z","datePublished":"2025-10-16T17:52:55.159Z","dateUpdated":"2026-03-23T15:44:01.363Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","product":"EVE X1 Server","vendor":"Ilevia Srl.","versions":[{"lessThanOrEqual":"4.7.18.0.eden","status":"affected","version":"*","versionType":"custom"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:ilevia:eve_x1_server_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"4.7.18.0.eden","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"finder","value":"Gjoko Krstic of Zero Science Lab"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Ilevia&nbsp;EVE X1 Server firmware versions ≤ <span style=\"background-color: rgb(255, 255, 255);\">4.7.18.0.eden</span> contain a use of default credentials vulnerability<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span>that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.<br>"}],"value":"Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":9.3,"baseSeverity":"CRITICAL","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1392","description":"CWE-1392 Use of Default Credentials","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-03-23T15:44:01.363Z"},"references":[{"tags":["product"],"url":"https://www.ilevia.com/"},{"tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/ilevia-eve-x1-server-use-of-default-credentials"},{"tags":["technical-description","exploit"],"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5963.php"}],"source":{"discovery":"UNKNOWN"},"title":"Ilevia EVE X1 Server 4.7.18.0.eden Use of Default Credentials","x_generator":{"engine":"vulncheck"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-16T18:26:31.882254Z","id":"CVE-2025-34516","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-16T19:21:57.588Z"}}]}}