Back to search
CVE-2025-34185
Published: Sep 16, 2025
Modified: May 25, 2026
PUBLISHED
Description
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'db_log' POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials.
| Vendor | Product | Versions |
|---|---|---|
Ilevia Srl. | EVE X1 Server | affected 0 - <= 4.7.18.0.eden |
References
https://www.ilevia.com/
product
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5955.php
technical-description
exploit
https://www.vulncheck.com/advisories/ilevia-eve-x1-server-unauth-file-disclosure
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now