CVE-2025-34518 is a path traversal vulnerability classified under CWE-22 affecting Ilevia Srl.'s EVE X1 Server firmware versions up to 4.7.18.0.eden. The vulnerability resides in the get_file_content.php endpoint, which improperly restricts pathname inputs, allowing attackers to traverse directories and read arbitrary files on the server filesystem. Exploitation requires no authentication, user interaction, or privileges, and can be performed remotely over the network targeting port 8080, which is the default management interface port for the device. The vulnerability can lead to disclosure of sensitive files such as configuration files, credentials, or other critical data stored on the device, severely compromising confidentiality. Ilevia has declined to issue a patch or update to remediate this issue and instead recommends that customers do not expose the vulnerable port to the internet. No known exploits are currently reported in the wild, but the low complexity and high impact make exploitation feasible for attackers. The CVSS v4.0 base score of 8.7 reflects the high severity, driven by network attack vector, no required privileges or user interaction, and high confidentiality impact. This vulnerability is particularly concerning for organizations relying on EVE X1 Servers for critical infrastructure or sensitive operations, as unauthorized file access can lead to further compromise or data leakage.

For European organizations, this vulnerability poses a significant risk to confidentiality and potentially to operational security. Unauthorized file access could expose sensitive configuration files, authentication credentials, or proprietary data, enabling attackers to escalate privileges or pivot within the network. Organizations in sectors such as industrial control, manufacturing, or critical infrastructure that utilize EVE X1 Servers may face operational disruptions or data breaches. The lack of vendor patch support increases the risk exposure, forcing organizations to rely on compensating controls. If exploited, attackers could gain insights into network architecture or security mechanisms, facilitating further attacks. The exposure of port 8080 to the internet amplifies the threat, especially for organizations with remote management enabled. This vulnerability could also undermine compliance with European data protection regulations if sensitive personal or business data is accessed or leaked.

Given the absence of an official patch, European organizations should implement strict network segmentation to isolate EVE X1 Servers from untrusted networks. Firewall rules must block inbound traffic to port 8080 from the internet and restrict access to trusted management networks only. Deploy intrusion detection or prevention systems to monitor and alert on suspicious requests targeting get_file_content.php or unusual file access patterns. Consider disabling or restricting the vulnerable management interface if feasible. Conduct regular audits of exposed services and firmware versions to identify vulnerable devices. Employ VPNs or secure tunnels for remote management to avoid direct exposure. Maintain up-to-date asset inventories to quickly identify affected devices. If possible, replace or upgrade devices to alternative solutions with active vendor support. Finally, educate IT staff about this vulnerability and the importance of minimizing exposure of management interfaces.