8.7
CVE-2025-34518
- EPSS 0.6%
- Veröffentlicht 16.10.2025 17:55:00
- Zuletzt bearbeitet 23.10.2025 19:13:59
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
Ilevia EVE X1 Server 4.7.18.0.eden Relative Path Traversal
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ilevia ≫ Eve X1 Server Firmware Version <= 4.7.18.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.442 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| disclosure@vulncheck.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
https://www.ilevia.com/
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5960.php
https://www.vulncheck.com/advisories/ilevia-eve-x1-server-relative-path-traversal