PatchSiren

CVE-2025-34517 Ilevia CVE debrief

CVE-2025-34517 is a high-severity file-read vulnerability in Ilevia EVE X1 Server firmware. CISA’s advisory says an absolute path traversal issue in get_file_content.php can let an attacker read arbitrary files. The vendor guidance focuses on reducing exposure: do not expose port 8080 to the internet, close it on devices and routers, and use the secure access option in the updated Ilevia Manager.

Vendor: Ilevia
Product: EVE X1
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-05
Original CVE updated: 2026-02-05
Advisory published: 2026-02-05
Advisory updated: 2026-02-05

Who should care

OT/ICS operators using Ilevia EVE X1, plant and building automation teams, network and firewall administrators, and asset owners responsible for any system reachable on port 8080.

Technical summary

The supplied CSAF record describes an absolute path traversal in get_file_content.php on Ilevia EVE X1 Server firmware. The listed CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (7.5 High), indicating network-reachable access with no privileges or user interaction required and a confidentiality impact from arbitrary file reads. The source also says Ilevia has declined to service the vulnerability and recommends that customers not expose port 8080 to the internet.

Defensive priority

High. Treat as urgent for any internet-exposed deployment or any environment where port 8080 is reachable from untrusted networks.

Recommended defensive actions

  • Identify all Ilevia EVE X1 deployments and confirm whether port 8080 is reachable from the internet or other untrusted networks.
  • Close port 8080 on devices and routers, and block external access at firewalls and edge controls.
  • Upgrade to the newest version of Ilevia Manager from the vendor’s download page and use the secure access option referenced in the advisory.
  • Change all default passwords on active systems to strong, unique credentials.
  • Review firewall rules and network segmentation so only intended management paths are allowed.
  • Monitor for unauthorized access attempts and investigate any unexpected file-access activity or configuration exposure.
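
For the monitoring step above, one way to triage web access logs from an EVE X1 host or a proxy in front of it is to flag requests to get_file_content.php in which any query value decodes to an absolute path. This is an added example, not code from CISA, Ilevia or PatchSiren; the log format, the parameter name "PARAM" and the script's location are assumptions, since the advisory text quoted here names none of them.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample (combined log format). Addresses are documentation ranges;
# "PARAM" and the script's directory are placeholders, not advisory values.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Feb/2026:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Feb/2026:10:02:11 +0000] "GET /get_file_content.php?PARAM=/etc/hostname HTTP/1.1" 200 64 "-" "curl/8.5.0"
198.51.100.7 - - [05/Feb/2026:10:02:15 +0000] "GET /get_file_content.php?PARAM=%2Fetc%2Fhostname HTTP/1.1" 200 64 "-" "curl/8.5.0"
192.0.2.10 - - [05/Feb/2026:10:03:40 +0000] "GET /get_file_content.php?PARAM=notes.txt HTTP/1.1" 200 128 "-" "Mozilla/5.0"
203.0.113.5 - - [05/Feb/2026:10:04:09 +0000] "GET /get_file_content.php?PARAM=%252Fetc%252Fhostname HTTP/1.1" 404 0 "-" "curl/8.5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')
ABS_PATH_RE = re.compile(r'^(/|\\|[A-Za-z]:[\\/])')  # POSIX, UNC or drive-letter path
SCRIPT = "get_file_content.php"

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious(log_text):
    """Return (client, timestamp, status, decoded value) per flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, ts, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/" + SCRIPT):
            continue
        # parse_qsl decodes once; fully_decode handles nested encoding.
        for _name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw).strip()
            if ABS_PATH_RE.match(value):
                hits.append((client, ts, int(status), value))
                break
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Flagged requests that returned status 200 deserve the closest review, because the named file may have been returned to the client. Access logs record only the request line, so values sent in a request body are not covered by this check.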

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-26-036-04 and its associated source record, both published on 2026-02-05 with an initial revision history entry on the same date. The source description explicitly states the path traversal in get_file_content.php, the arbitrary file-read impact, the vendor’s decision not to service the issue, and the recommendation not to expose port 8080 to the internet.

Official resources

CISA published ICSA-26-036-04 for CVE-2025-34517 on 2026-02-05. The source revision history lists the advisory as an initial publication on that date, and the vendor guidance emphasizes preventing internet exposure of port 8080.