CVE-2025-34518 Ilevia CVE debrief

Who should care

OT/ICS operators using Ilevia EVE X1, especially any deployment reachable on port 8080; network/security teams responsible for exposure control, firewalling, segmentation, and credential hygiene.

Technical summary

The supplied CISA advisory describes a network-reachable relative path traversal in get_file_content.php that can be used to read arbitrary files. The provided CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating unauthenticated remote confidentiality impact without integrity or availability impact in the published score.

Defensive priority

High priority: treat as urgent for any EVE X1 instance that is exposed to untrusted networks or lacks compensating controls.

Recommended defensive actions

• Update to the newest version of Ilevia Manager from the vendor’s download page, following the advisory’s mitigation guidance.
• Verify port 8080 is closed on devices and routers; do not expose it directly to the internet.
• Use the secure access option provided in the updated Ilevia Manager instead of open exposure.
• Change all default passwords on active systems to strong, unique credentials.
• Review firewall settings and apply network segmentation to reduce external and internal attack surface.
• Monitor for unauthorized access attempts and confirm internal protections are functioning as intended.

Evidence notes

The supplied source item is CISA CSAF advisory ICSA-26-036-04, published and modified on 2026-02-05, and it explicitly states that Ilevia EVE X1 Server firmware contains a relative path traversal vulnerability in get_file_content.php that allows arbitrary file reads. The advisory’s remediation section is mitigation-focused and includes closing port 8080, updating Ilevia Manager, changing default passwords, reviewing firewalls, and segmenting networks. The corpus also includes MITRE CWE-22 and an official CVSS 3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. No KEV entry is provided in the supplied enrichment.

Official resources