Ilevia EVE X1 Server Firmware Vulnerability

MEDIUM (6.1) No Patch (25 days)

Threat Intelligence

Low Risk
EPSS Score: 0.06% chance of exploitation (percentile: 18%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Ilevia EVE X1 is a server firmware used by some organizations for remote monitoring and management of industrial equipment. This vulnerability allows a remote attacker to execute arbitrary code via the /index.php component, potentially leading to unauthorized access to sensitive data or system configuration.

Am I affected?

You're affected if you use Ilevia EVE X1 Server Firmware Version <= 4.7.18.0.eden:Logic Version <= 6.00 - 2025_07_21. If you don't recognise the name, you're probably not affected. Check with your IT department or equipment manufacturer to confirm.

Version info: Affected versions are listed in the advisory's repository, but it is not specified how to access this information.

Affected Products

Ilevia / EVE X1 Server Firmware

How to fix

Upgrade to firmware version 4.7.18.0.eden:Logic Version > 6.00 - 2025_07_21 from the Ilevia website.

Immediate mitigations:
- Restrict network access to your Ilevia EVE X1 instance (firewall it from the public internet)
- Monitor for suspicious activity related to the /index.php component
