CVE-2025-34183

Critical CVSS: 9.3

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential reuse.

Vendor

Ilevia

Product

Eve X1 Server Firmware

CWE

CWE-532

Yayın Tarihi

2025-09-16 20:15:34

Güncelleme

2025-09-25 14:56:22

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-532 Eve X1 Server Firmware CRITICAL Ilevia 2025

Referanslar

https://packetstorm.news/files/id/208700/ https://www.ilevia.com/ https://www.vulncheck.com/advisories/ilevia-eve-x1-server-credentials-leak-through-log-disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5957.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5957.php

Benzer Kayıtlar

Critical

CVE-2025-60739

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logi…

Medium

CVE-2025-60737

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version

Critical

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before…

Critical

CVE-2025-34516

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an…

High

CVE-2025-34517

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_cont…

High

CVE-2025-34518

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_conte…