PatchSiren cyber security CVE debrief
CVE-2025-34513 Ilevia CVE debrief
CVE-2025-34513 is a critical unauthenticated OS command injection vulnerability in Ilevia EVE X1 Server firmware, specifically in mbus_build_from_csv.php. CISA’s advisory states the issue can allow arbitrary code execution over the network and assigns a 9.8 CVSS score. The advisory also notes that Ilevia declined to service the vulnerability and recommends that customers avoid exposing port 8080 to the internet.
- Vendor
- Ilevia
- Product
- EVE X1
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-05
- Original CVE updated
- 2026-02-05
- Advisory published
- 2026-02-05
- Advisory updated
- 2026-02-05
Who should care
OT/ICS operators using Ilevia EVE X1, facility and building automation teams, network/security administrators, and asset owners responsible for internet-facing industrial or edge management interfaces.
Technical summary
According to the CISA CSAF advisory, Ilevia EVE X1 Server firmware contains an OS command injection issue in mbus_build_from_csv.php. The vulnerability is reachable by an unauthenticated attacker and can result in arbitrary code execution. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8, Critical). The advisory further states that Ilevia declined to service the issue and recommends customers not expose port 8080 to the internet. Mitigations listed by the vendor include updating to the newest Ilevia Manager, ensuring port 8080 is closed on devices and routers, using the secure option in the updated manager, changing default passwords, reviewing firewall settings, monitoring for unauthorized access attempts, and segmenting the network where possible.
Defensive priority
Urgent priority. Treat as a high-risk remote code execution condition and reduce exposure immediately, especially where port 8080 is reachable from untrusted networks.
Recommended defensive actions
- Update to the newest version of Ilevia Manager from the vendor’s download site.
- Verify that port 8080 is closed on all devices and routers.
- Use only the secure access option provided in the updated Ilevia Manager.
- Change all default passwords on active systems to strong, unique credentials.
- Review firewall configurations to confirm external exposure is minimized.
- Monitor for unauthorized access attempts.
- Apply network segmentation where possible to reduce the attack surface.
Evidence notes
This debrief is limited to the supplied CSAF advisory and official reference links. The advisory text explicitly identifies OS command injection in mbus_build_from_csv.php, unauthenticated arbitrary code execution, vendor non-service, and the recommendation not to expose port 8080. The published date used here is the CVE/advisory publishedAt value provided in the corpus (2026-02-05T07:00:00.000Z). The CVSS score and vector are taken from the source item metadata. No exploit code or unsupported claims are included.
Official resources
-
CVE-2025-34513 CVE record
CVE.org
-
CVE-2025-34513 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published advisory ICSA-26-036-04 and the corresponding CVE record on 2026-02-05. The advisory states that Ilevia declined to service the vulnerability and recommends avoiding internet exposure of port 8080.