CVE-2025-34185
Severity CVSS v4.0:
HIGH
Type:
CWE-22
Path Traversal
Publication date:
16/09/2025
Last modified:
17/09/2025
Description
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'db_log' POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials.
Impact
Base Score 4.0
8.70
Severity 4.0
HIGH