Ilevia EVE X1 Server 4.7.18.0.eden Credentials Leak Through Log Disclosure

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential reuse.

Basic Information

ID CVE-2025-34183

Source VulnCheck

Published Sep 16, 2025 at 19:39

Modified Sep 16, 2025 at 19:40

Affected Product

Vendor Ilevia Srl.

Product EVE X1 Server

Version *

Affected Versions Ilevia Srl. EVE X1 Server *

CWE Classification

CWE-532

References

{
    "lastseen": "",
    "description": "Ilevia EVE X1 Server version \u2264 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers to retrieve plaintext credentials from exposed .log files. This flaw enables full authentication bypass and system compromise through credential reuse.",
    "published": "2025-09-16T19:39:20.150Z",
    "modified": "2025-09-16T19:40:27.863Z",
    "type": "cve",
    "title": "Ilevia EVE X1 Server 4.7.18.0.eden Credentials Leak Through Log Disclosure",
    "source": "VulnCheck",
    "references": "https://www.ilevia.com/\nhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5957.php\nhttps://packetstorm.news/files/id/208700/\nhttps://www.vulncheck.com/advisories/ilevia-eve-x1-server-credentials-leak-through-log-disclosure",
    "id": "CVE-2025-34183",
    "bulletinFamily": "",
    "cwe": [
        "CWE-532"
    ],
    "cvelist": null,
    "sourceData": "Ilevia Srl. EVE X1 Server *",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EVE X1 Server",
    "version": "*",
    "vendor": "Ilevia Srl.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Ilevia EVE X1 Server 4.7.18.0.eden Credentials Leak Through Log Disclosure_CVE-2025-34183