Critical Vulnerability Information Title: Ilveia EVE X1 Server 4.7.18.0.eden (db_log) Pre-Auth File Disclosure Type: Local/Remote Impact: Exposure of System Information, Exposure of Sensitive Information CVSS: 6.5 Release Date: 31.07.2025 Vulnerability Description A pre-authentication file disclosure vulnerability exists in the controller. By exploiting the POST parameter, attackers can disclose arbitrary files on the affected device, leading to exposure of sensitive and system information. Affected Versions Reference Links 1. https://packetstormsecurity.news/files/id207716/ 2. https://www.vulncheck.com/advisories/ilveia-eve-x1-server-unauth-file-disclosure 3. https://www.cve.org/CVERecord?id=CVE-2025-34185