Ilevia EVE X1 Server

Act Now9.8ICS-CERT ICSA-26-036-04Feb 5, 2026

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Ilevia EVE X1 Server contains multiple critical vulnerabilities (path traversal, arbitrary command execution, sensitive information disclosure, and cross-site scripting) that allow unauthenticated remote attackers to execute arbitrary shell commands on the device and access sensitive system information through the unprotected port 8080 web interface. Affected versions are 4.7.18.0 and earlier. The vulnerabilities can be exploited without authentication or user interaction, making them severe for any EVE X1 deployment exposed to untrusted networks.

What this means

What could happen

An attacker with network access to the EVE X1 server can run arbitrary shell commands and access sensitive system information, potentially disrupting surveillance operations or gaining control over the device for further attacks.

Who's at risk

Organizations using Ilevia EVE X1 servers for video surveillance or similar monitoring should be concerned. This includes municipal facilities, water utilities, electric utilities, transportation systems, and any organization relying on EVE X1 for security camera management or monitoring.

How it could be exploited

An attacker sends a crafted request over the network to the unprotected port 8080 on the EVE X1 server. The vulnerabilities (path traversal, command injection, information disclosure, and cross-site scripting) allow the attacker to bypass authentication and execute arbitrary system commands or retrieve sensitive data without logging in.

Prerequisites

Network access to port 8080 on the EVE X1 server
No authentication required
Default or weak credentials may be present on some systems (though not required for exploitation)

Remotely exploitable without authenticationLow attack complexityHigh EPSS score (13.3%)Network-accessible from internet if misconfiguredNo vendor fix currently availableMultiple vulnerability types (path traversal, command injection)

Exploitability

High exploit probability (EPSS 13.3%)

Affected products (1)

ProductAffected VersionsFix Status

EVE X1: <=4.7.18.0≤ 4.7.18.0No fix (EOL)

Remediation & Mitigation

0/7

Do now

0/3

WORKAROUNDClose port 8080 on all EVE X1 devices and routers immediately

HARDENINGEnable secure access option provided in the updated Ilevia Manager and disable insecure access paths

HARDENINGChange all default passwords on active EVE X1 systems to strong, unique credentials

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate to the newest version of Ilevia Manager from https://www.ilevia.com/downloads/

Mitigations - no patch available

0/3

EVE X1: <=4.7.18.0 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGReview and verify firewall configurations to confirm internal protections are functioning and external exposure is minimized

HARDENINGImplement network segmentation to isolate EVE X1 servers from untrusted networks

HARDENINGMonitor logs and network traffic for unauthorized access attempts to EVE X1 servers

CVEs (9)

CVE-2025-34185 CVE-2025-34184 CVE-2025-34183 CVE-2025-34186 CVE-2025-34187 CVE-2025-34517 CVE-2025-34518 CVE-2025-34512 CVE-2025-34513

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/266425ad-012a-4da9-a3a3-89500efc0e9e