CVE-2025-34185
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-09-25

Assigner: VulnCheck

Description
Ilevia EVE X1 Server version ≀ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'db_log' POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-16
Last Modified
2025-09-25
Generated
2026-06-16
AI Q&A
2025-09-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-34185
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ilevia eve_x1_server_firmware to 4.7.18.0 (inc)
ilevia eve_x1_server *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-34185 is a critical vulnerability in Ilevia EVE X1 Server versions up to 4.7.18.0.eden that allows remote attackers to disclose arbitrary files on the server without any authentication. This happens through improper handling of the 'db_log' POST parameter, which can be exploited to retrieve sensitive system information and credentials. The vulnerability involves a path traversal flaw that enables attackers to access files they should not be able to see. [1, 2]

Impact Analysis

Exploitation of this vulnerability can lead to unauthorized disclosure of sensitive system information and credentials stored on the Ilevia EVE X1 Server. This can compromise the security of the smart home or building automation system, potentially allowing attackers to gain further access or control over electrical installations, security systems, and other connected devices managed by the server. The impact is rated as severe, with a high confidentiality impact and a CVSS score of 8.7. [1, 2]

Detection Guidance

This vulnerability can be detected by sending a crafted POST request to the Ilevia EVE X1 Server targeting the 'db_log' parameter to attempt to retrieve arbitrary files without authentication. A common detection method is to use curl or similar tools to send a POST request with the 'db_log' parameter set to a path traversal payload, such as '../../etc/passwd', to check if the server discloses the file contents. Example command: curl -X POST -d "db_log=../../etc/passwd" http://<target-ip-or-host>/path_to_vulnerable_endpoint [1, 2]

Mitigation Strategies

Immediate mitigation steps include restricting network access to the Ilevia EVE X1 Server to trusted users only, implementing firewall rules to block unauthorized external access, and monitoring for suspicious POST requests targeting the 'db_log' parameter. Since no vendor patch or response was available as of the advisory date, consider isolating the device from untrusted networks until a fix is released. Additionally, review server logs for exploitation attempts and disable or restrict the vulnerable functionality if possible. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34185. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart