关键漏洞信息 漏洞名称: Ilevia EVE X1 Server 4.7.18.0.eden Reflected XSS 严重性: MEDIUM 日期: October 16, 2025 影响版本: EVE X1 Server <= 4.7.18.0.eden CVE编号: CVE-2025-34512 CWE编号: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') CVSS评分: 5.1 CVSS V4向量: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N 参考链接: - Zero Science Lab Disclosure - Ilevia Product Site 发现者: Gjoko Krstic of Zero Science Lab 描述: Ilevia EVE X1 Server firmware versions <= 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability and recommends that customers not expose port 8080 to the internet.