CVE-2025-34185
HIGHIlevia EVE X1 Server <= 4.7.18.0.eden - Unauthenticated Arbitrary File Read via db_log Parameter
Title source: llmDescription
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'db_log' POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials.
References (4)
Core 4
Core References
Product product
https://www.ilevia.com/
Third Party Advisory technical-description
exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5955.php
Third Party Advisory exploit
https://packetstorm.news/files/id/207716/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/ilevia-eve-x1-server-unauth-file-disclosure
Scores
CVSS v3
7.5
EPSS
0.0080
EPSS Percentile
51.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-200
CWE-22
Status
published
Products (3)
ilevia/eve_x1_server_firmware
< 4.7.18.0
Ilevia Srl./EVE X1 Server
< 4.7.18.0.eden
Ilevia Srl./EVE X1 Server
< 4.7.18.0.eden (Logic version: 6.00)
Published
Sep 16, 2025
Tracked Since
Feb 18, 2026