CVE-2025-14276 | Ilevia EVE X1 Server up to 4.6.5.0.eden leaf_search.php line command injection

A vulnerability was found in Ilevia EVE X1 Server up to 4.6.5.0.eden. It has been classified as critical. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection.

This vulnerability is handled as CVE-2025-14276. The attack can be initiated remotely. Additionally, an exploit exists.

Upgrading the affected component is recommended.

The vendor confirms the issue and recommends: “We already know that issue and on most devices are already solved, also it’s not needed to open the port to outside world so we advised our customer to close it”.VulDB Recent EntriesRead More