PT-2025-38075 · Ilevia · Ilevia Eve X1 Server
Gjoko Krstic · Published 2025-09-16 · Updated 2025-09-25 · CVE-2025-34185
CVSS v4.0: 8.7 High
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Ilevia EVE X1 Server versions prior to 4.7.18.0.eden
Description
Ilevia EVE X1 Server versions prior to 4.7.18.0.eden contain a pre-authentication file disclosure issue via the db log POST parameter. Remote attackers can retrieve arbitrary files from the server, potentially exposing sensitive system information and credentials.
Recommendations
Update Ilevia EVE X1 Server to version 4.7.18.0.eden or later.
As a temporary workaround, restrict access to the db log POST parameter.
Exploit
Fix
Path traversal
Information Disclosure
Related Identifiers
Affected Products
Ilevia Eve X1 Server