Critical Vulnerability Information

Title: Ilevia EVE X1/X5 Server 4.7.18.0.eden Authentication Bypass Exploit
Type: Local/Remote
Impact: Security Bypass, System Access, DoS
Risk: 5/5
Release Date: 26.08.2025

Summary

EVE is a smart home and building automation solution designed for residential and commercial environments. It integrates various systems through a highly customizable, user-friendly interface.

Description

The application constructs shell commands using unvalidated user input and invokes external binaries for authentication. Due to improper input handling and reliance on binary return values for access control, attackers can inject special characters (such as double quotes) to manipulate command parsing and cause execution failures. This allows remote users to bypass authentication without providing valid credentials.

Affected Versions

References

1. https://rocketsform.news/files/id/208871/
2. https://www.vulncheck.com/advisories/ilevia-eve-x1-x5-server-auth-bypass
3. https://www.cve.org/CVERecord?id=CVE-2025-34186
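The flaw class in the Description, shown as an added example that is not the vendor's code: a login routine that builds a shell string from raw input and denies access only on one specific exit status, next to a fail-closed version. The checker program, the credentials and the exit codes are constructed for illustration.

```python
import shlex
import subprocess
import sys

# Constructed stand-in for the external credential checker (hypothetical):
# exit 0 = credentials match, exit 3 = credentials rejected.
DENIED = 3
CHECKER = [sys.executable, "-c",
           "import sys; sys.exit(0 if sys.argv[1:] == ['admin', 's3cret'] else 3)"]


def login_vulnerable(user: str, password: str) -> bool:
    """Shell string built from raw input; only the 'rejected' status denies."""
    cmd = f'{shlex.join(CHECKER)} "{user}" "{password}"'
    rc = subprocess.run(cmd, shell=True, stderr=subprocess.DEVNULL).returncode
    # Fail-open: a shell parse error (unbalanced quote) is not DENIED,
    # so the checker never runs and the login is still accepted.
    return rc != DENIED


def login_hardened(user: str, password: str) -> bool:
    """No shell, argv passed as a list, and only exit status 0 grants access."""
    if not user or len(user) > 64 or len(password) > 128:
        return False
    try:
        rc = subprocess.run(CHECKER + [user, password], timeout=5,
                            stderr=subprocess.DEVNULL).returncode
    except (OSError, ValueError, subprocess.SubprocessError):
        return False  # fail-closed on any execution problem
    return rc == 0


if __name__ == "__main__":
    for label, pw in [("valid", "s3cret"), ("wrong", "nope"), ("quote", '"')]:
        print(f"{label:6} vulnerable={login_vulnerable('admin', pw)} "
              f"hardened={login_hardened('admin', pw)}")
```

Passing a secret on the command line still exposes it in process listings; handing it to the checker over stdin avoids that.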