PT-2025-38073 · Ilevia · Ilevia Eve X1 Server

Gjoko Krstic · Published 2025-09-16 · Updated 2025-09-25 · CVE-2025-34183

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Ilevia EVE X1 Server versions 4.7.18.0 and earlier

Description

The server-side logging mechanism in Ilevia EVE X1 Server contains a flaw that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This enables full authentication bypass and system compromise through credential reuse.

Recommendations

Update Ilevia EVE X1 Server to a version later than 4.7.18.0.

Exploit

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2025-34183

Affected Products

Ilevia Eve X1 Server