CVE-2025-14276

Ilevia EVE X1 Server leaf_search.php command injection

CVSS 6.3 MEDIUMEPSS 1.5%CWE-74 CWE-77

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.3EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

08 dez 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized. Upgrading the affected component is recommended. The vendor confirms the issue and recommends: "We already know that issue and on most devices are already solved, also it’s not needed to open the port to outside world so we advised our customer to close it".

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Produtos afetados

Ilevia · EVE X1 Server

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://vuldb.com/?ctiid.334802 https://vuldb.com/?id.334802 https://vuldb.com/?submit.702649 https://vuldb.com/?submit.715521 https://www.yuque.com/yuqueyonghuexlgkz/zepczx/ahygt5u6sgqpk5tt?singleDoc