PatchSiren cyber security CVE debrief
CVE-2025-34184 Ilevia CVE debrief
CVE-2025-34184 affects the Ilevia EVE X1 Server and is a critical unauthenticated OS command injection issue. According to the CISA advisory published on 2026-02-05, remote attackers can inject payloads into the /ajax/php/login.php script via the passwd HTTP POST parameter and cause arbitrary system command execution. The documented impact includes full system compromise or denial of service.
- Vendor: Ilevia
- Product: EVE X1
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-05
- Original CVE updated: 2026-02-05
- Advisory published: 2026-02-05
- Advisory updated: 2026-02-05
Who should care
OT/ICS teams running Ilevia EVE X1, especially any deployment with remote or internal network exposure; administrators responsible for the EVE X1 management interface, firewalling, segmentation, and default credential hygiene.
Technical summary
The supplied CISA CSAF advisory describes an unauthenticated OS command injection vulnerability in /ajax/php/login.php. The vulnerable input is the passwd HTTP POST parameter. Because the issue is network-exploitable with no authentication or user interaction required, the advisory maps to CVSS v3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8). The source states the outcome may include arbitrary command execution, full system compromise, or denial of service.
Defensive priority
Critical. This is a remotely reachable, no-authentication command injection in an OT-facing product, with high confidentiality, integrity, and availability impact. Treat exposure as urgent and prioritize patching, exposure reduction, and compensating controls immediately.
Recommended defensive actions
- Update to the newest version of Ilevia Manager from the vendor's download page.
- Verify port 8080 is closed on all devices and routers.
- Enable access only through the secure option provided in the updated Ilevia Manager.
- Change all default passwords on active systems to strong, unique credentials.
- Review firewall configurations to ensure internal protections are working and external exposure is minimized.
- Monitor for unauthorized access attempts.
- Apply network segmentation where possible to reduce attack surface.
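To support the monitoring and segmentation actions above, the following added example (not taken from the CISA advisory or from Ilevia) scans web access logs for POST requests to /ajax/php/login.php that originate outside approved management networks. It assumes a reverse proxy or web server in front of the EVE X1 writes common/combined-format access logs; the management subnet and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Script path named in the advisory; the allowed network is an assumption for this example.
LOGIN_PATH = "/ajax/php/login.php"
MGMT_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]

# Common/combined log prefix: client ident user [time] "METHOD target proto" status
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not taken from any real device).
SAMPLE_LOG = """\
10.20.0.15 - - [05/Feb/2026:09:12:01 +0000] "POST /ajax/php/login.php HTTP/1.1" 200 41
203.0.113.7 - - [05/Feb/2026:09:13:44 +0000] "POST /ajax/php/login.php HTTP/1.1" 200 0
203.0.113.7 - - [05/Feb/2026:09:13:45 +0000] "POST /ajax/php/login.php?x=1 HTTP/1.1" 500 0
192.168.50.9 - - [05/Feb/2026:09:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120
192.168.50.9 - - [05/Feb/2026:09:14:30 +0000] "POST /ajax/php/login.php HTTP/1.1" 200 41
not a log line
"""

def is_management(src):
    """True if src parses as an IP address inside an approved management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or malformed values are treated as untrusted
    return any(addr in net for net in MGMT_NETWORKS)

def unexpected_login_posts(log_text):
    """Count POSTs to the login script, per source, from outside the management networks."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # skip unparseable lines and non-POST requests
        path = m["target"].split("?", 1)[0]  # compare the path without any query string
        if path == LOGIN_PATH and not is_management(m["src"]):
            hits[m["src"]] += 1
    return dict(hits)

if __name__ == "__main__":
    for src, count in sorted(unexpected_login_posts(SAMPLE_LOG).items()):
        print(f"ALERT {src}: {count} POST(s) to {LOGIN_PATH} from outside management networks")
```

Because the flaw is reachable before authentication, any hit from an unapproved source warrants review regardless of the HTTP status returned.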
Evidence notes
All substantive claims are drawn from the supplied CISA CSAF source item for ICSA-26-036-04 and its referenced vendor mitigation language. The corpus identifies CVE-2025-34184, the affected product as Ilevia EVE X1, the vulnerable script and parameter, the unauthenticated command-injection condition, the CVSS vector/score, and the mitigation steps. No exploit code, reproduction steps, or version-range details beyond the provided source material are included.
Official resources
- CVE-2025-34184 CVE record (CVE.org)
- CVE-2025-34184 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published advisory ICSA-26-036-04 for CVE-2025-34184 on 2026-02-05. The supplied source item contains the vulnerability description, CVSS information, and vendor mitigation guidance. No KEV entry is present in the supplied data.