CVE-2025-34185— Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated File Disclosure
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-34185
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated File Disclosure
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'db_log' POST parameter. Remote attackers can retrieve arbitrary files from the server, exposing sensitive system information and credentials.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ilevia EVE X1 Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ilevia EVE X1 Server是意大利Ilevia公司的一款智能家居与楼宇自动化。 Ilevia EVE X1 Server 4.7.18.0.eden及之前版本存在安全漏洞,该漏洞源于db_log参数存在预认证文件泄露,可能导致远程攻击者获取服务器敏感信息和凭据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Ilevia Srl. | EVE X1 Server | * ~ 4.7.18.0.eden (Logic version: 6.00) | - |
II. Public POCs for CVE-2025-34185
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-34185
请登录查看更多情报信息。
- Zero Science Lab » Ilevia EVE X1 Server 4.7.18.0.eden (db_log) Pre-Auth File Disclosuretechnical-descriptionexploit
- https://nvd.nist.gov/vuln/detail/CVE-2025-34185
Same Patch Batch · Ilevia Srl. · 2025-09-16 · 5 CVEs total
| CVE-2025-34184 | Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauthenticated Code Injection | |
| CVE-2025-34183 | Ilevia EVE X1 Server 4.7.18.0.eden Credentials Leak Through Log Disclosure | |
| CVE-2025-34187 | Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell | |
| CVE-2025-34186 | Ilevia EVE X1/X5 Server 4.7.18.0.eden Authentication Bypass |
IV. Related Vulnerabilities
Same product: EVE X1 Server
- CVE-2025-14276
Ilevia EVE X1 Server leaf_search.php command injection - CVE-2025-34517
Ilevia EVE X1 Server 4.7.18.0.eden Absolute Path Traversal - CVE-2025-34514
Ilevia EVE X1 Server 4.7.18.0.eden Authenticated Command Inj - CVE-2025-34519
Ilevia EVE X1 Server 4.7.18.0.eden Insecure Hashing Algorith - CVE-2025-34512
Ilevia EVE X1 Server 4.7.18.0.eden Reflected XSS
Same vendor: Ilevia Srl.
- CVE-2025-34517
Ilevia EVE X1 Server 4.7.18.0.eden Absolute Path Traversal - CVE-2025-34514
Ilevia EVE X1 Server 4.7.18.0.eden Authenticated Command Inj - CVE-2025-34519
Ilevia EVE X1 Server 4.7.18.0.eden Insecure Hashing Algorith - CVE-2025-34512
Ilevia EVE X1 Server 4.7.18.0.eden Reflected XSS - CVE-2025-34518
Ilevia EVE X1 Server 4.7.18.0.eden Relative Path Traversal
Same weakness: CWE-200
- CVE-2026-42333
quarkus-openapi-generator has overly broad path-parameter ma - CVE-2026-8198
Activity Logs, User Activity Tracking, Multisite Activity Lo - CVE-2026-42456
AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (ID - CVE-2026-41520
Cillium exposes sensitive information included in the cilium - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro
V. Comments for CVE-2025-34185
No comments yet