CVE-2025-34185

High CVSS: 8.7

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'db_log' POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials.

Vendor

Ilevia

Product

Eve X1 Server Firmware

CWE

CWE-22

Yayın Tarihi

2025-09-16 20:15:34

Güncelleme

2025-09-25 14:56:39

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-22 Eve X1 Server Firmware HIGH Ilevia 2025

Referanslar

https://packetstorm.news/files/id/207716/ https://www.ilevia.com/ https://www.vulncheck.com/advisories/ilevia-eve-x1-server-unauth-file-disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5955.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5955.php

Benzer Kayıtlar

Critical

CVE-2025-60739

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logi…

Medium

CVE-2025-60737

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version

Critical

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before…

Critical

CVE-2025-34516

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an…

High

CVE-2025-34517

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_cont…

High

CVE-2025-34518

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_conte…