CVE-2025-14276 | Ilevia EVE X1 Server up to 4.6.5.0.eden leaf_search.php line command injection

A vulnerability was found in Ilevia EVE X1 Server up to 4.6.5.0.eden. It has been classified as critical. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection.

This vulnerability is handled as CVE-2025-14276. The attack can be initiated remotely. Additionally, an exploit exists.

Upgrading the affected component is recommended.

The vendor confirms the issue and recommends: “We already know that issue and on most devices are already solved, also it’s not needed to open the port to outside world so we advised our customer to close it”.

CVE-2025-14276 | Ilevia EVE X1 Server up to 4.6.5.0.eden leaf_search.php line command injection

Post correlati

CVE-2024-34349 | Sylius up to 1.12.15/1.13.0 Name cross site scripting (GHSA-v2f9-rv6w-vw8r)

CVE-2024-31926 | BracketSpace Advanced Cron Manager Plugin up to 2.5.2 on WordPress cross site scripting

CVE-2024-45498 | Apache Airflow 2.10.0 DAG Trigger Permission command injection

CVE-2025-9404 | Scada-LTS up to 2.7.8.1 Folder /pointHierarchySLTS Title cross site scripting