CVE-2025-34183
HIGHIlevia EVE X1 Server <= 4.7.18.0.eden - Unauthenticated Credential Exposure via Log File Disclosure
Title source: llmDescription
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential reuse.
References (4)
Core 4
Core References
Exploit, Release Notes, Third Party Advisory technical-description
exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5957.php
Exploit, Third Party Advisory exploit
https://packetstorm.news/files/id/208700/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/ilevia-eve-x1-server-credentials-leak-through-log-disclosure
Product product
https://www.ilevia.com/
Scores
CVSS v3
7.5
EPSS
0.0066
EPSS Percentile
46.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-532
Status
published
Products (2)
ilevia/eve_x1_server_firmware
< 4.7.18.0
Ilevia Srl./EVE X1 Server
< 4.7.18.0.eden (Logic version: 6.00)
Published
Sep 16, 2025
Tracked Since
Feb 18, 2026