CVE-2025-34519

16.10.2025, 18:15

IleviaEVE X1 Server firmware versions  4.7.18.0.eden contain an insecure hashing algorithm vulnerability.The product stores passwords using the MD5 hash function without applying a perpassword salt.Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can efficiently perform offline dictionary, rainbowtable, or bruteforce attacks to recover the original passwords. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
VulnCheck	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Common Weakness Enumeration

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

References

https://www.ilevia.com/

https://www.vulncheck.com/advisories/ilevia-eve-x1-server-insecure-hashing-algorithm