CVE-2025-34183

Published: Sep 16, 2025Modified: Sep 25, 2025

9.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential reuse.

Affected (1)

Products: Ilevia: Eve X1 Server Firmware

1 product

Eve X1 Server Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ilevia Eve X1 Server Firmware	Up to 4.7.18.0

Running on/with	Platform Versions
Ilevia Eve X1 Server	All versions

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (5)

https://packetstorm.news/files/id/208700/

Source: disclosure@vulncheck.com

ExploitThird Party Advisory

https://www.ilevia.com/

Source: disclosure@vulncheck.com

Product

https://www.vulncheck.com/advisories/ilevia-eve-x1-server-credentials-leak-through-log-disclosure

Source: disclosure@vulncheck.com

Third Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5957.php

Source: disclosure@vulncheck.com

ExploitRelease NotesThird Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5957.php

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitRelease NotesThird Party Advisory

Timeline

No history available yet.