PatchSiren cyber security CVE debrief
CVE-2025-34512 Ilevia CVE debrief
CVE-2025-34512 is a reflected cross-site scripting issue in Ilevia EVE X1 Server firmware, affecting index.php. According to the CISA advisory, an unauthenticated attacker can trigger the flaw. Ilevia declined to service the vulnerability and advises customers not to expose port 8080 to the internet.
- Vendor
- Ilevia
- Product
- EVE X1
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-05
- Original CVE updated
- 2026-02-05
- Advisory published
- 2026-02-05
- Advisory updated
- 2026-02-05
Who should care
OT and facilities teams running Ilevia EVE X1 Server, especially any deployment reachable from untrusted networks or with port 8080 exposed. Security teams responsible for perimeter filtering, segmentation, and device management should also treat this as relevant.
Technical summary
CISA describes a reflected XSS vulnerability in index.php on Ilevia EVE X1 Server firmware. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N, which aligns with a medium-severity issue that requires user interaction but can affect confidentiality and integrity. The advisory notes that the vendor has declined to service the vulnerability and recommends using the secure access path in the updated Ilevia Manager while ensuring port 8080 is not exposed to the internet.
Defensive priority
Moderate, but higher urgency if the device is internet-facing or accessible beyond a trusted management network. For OT environments, exposure reduction and segmentation should be treated as immediate containment steps.
Recommended defensive actions
- Update to the newest version of Ilevia Manager from the vendor's download page.
- Verify port 8080 is closed on all devices and routers and keep it off the public internet.
- Use only the secure access option provided in the updated Ilevia Manager.
- Change all default passwords on active systems to strong, unique credentials.
- Review firewall configurations to confirm external exposure is minimized and internal protections are working as intended.
- Monitor for unauthorized access attempts.
- Apply network segmentation where possible to reduce the attack surface.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-26-036-04 for CVE-2025-34512 and the official references included with that advisory. The advisory text states the reflected XSS condition, notes the vendor declined to service it, and includes mitigation guidance centered on closing port 8080, updating Ilevia Manager, and reducing exposure. No KEV listing was provided in the supplied corpus.
Official resources
-
CVE-2025-34512 CVE record
CVE.org
-
CVE-2025-34512 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA in advisory ICSA-26-036-04 on 2026-02-05. No CISA KEV listing was included in the supplied data.