Critical Vulnerability Information Title: Ilevia EVE X1 Server 4.7.18.0.eden Parameter Traversal Arbitrary File Access Type: Local/Remote Impact: Security Bypass, Exposure of System Information, Exposure of Sensitive Information CVSS (v3): 5.3 Release Date: 2025-10-16 Vulnerability Description An unauthenticated absolute and relative path traversal vulnerability exists via the endpoint of the smart home/building automation platform. By manipulating the POST parameter, remote attackers can read arbitrary files from the server's filesystem, leading to sensitive information disclosure. Affected Versions References 1. CVE-2025-34517 2. CVE-2025-34518 3. ExploitDB