CVE-2025-34516
Published: 16 October 2025
Summary
CVE-2025-34516 is a critical-severity Use of Default Credentials (CWE-1392) vulnerability in Ilevia Eve X1 Server Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and IA-5 (Authenticator Management).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
IA-5 requires changing default authenticators prior to first use, directly eliminating the use of default credentials that enable unauthenticated remote access.
SC-7 enforces boundary protection to monitor and control communications at external interfaces, preventing network access to the vulnerable port 8080 as recommended by the vendor.
AC-17 establishes usage restrictions, authorization, and monitoring for remote access, mitigating exploitation of the default credentials vulnerability over remote connections.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Default credentials vulnerability in public-facing server (port 8080) enables initial access via T1190 (Exploit Public-Facing Application) and T1078.001 (Default Accounts).
NVD Description
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to…
more
the internet.
Deeper analysisAI
CVE-2025-34516 is a use of default credentials vulnerability (CWE-1392) in Ilevia EVE X1 Server firmware versions up to and including 4.7.18.0.eden. This issue allows an unauthenticated attacker to gain remote access to affected devices, earning a critical CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Any unauthenticated attacker with network access to the server, particularly port 8080, can exploit this vulnerability with low complexity and no privileges or user interaction required. Successful exploitation provides remote access, enabling high-impact compromise of confidentiality, integrity, and availability, such as executing arbitrary commands, modifying configurations, or disrupting device operations.
Advisories from sources including VulnCheck and Zero Science Lab indicate that Ilevia has declined to service or patch this vulnerability. The vendor recommends that customers avoid exposing port 8080 to the internet as the sole mitigation strategy.
Details
- CWE(s)