CVE-2025-34519
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-34519, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-16

Last updated on: 2025-11-06

Assigner: VulnCheck

Description

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can efficiently perform offline dictionary, rainbow‑table, or brute‑force attacks to recover the original passwords. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-16
Last Modified
2025-11-06
Generated
2026-07-06
AI Q&A
2025-10-16
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
ilevia eve_x1_server_firmware to 4.7.18.0 (inc)
ilevia eve_x1_server *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Ilevia EVE X1 Server firmware versions up to 4.7.18.0.eden, where passwords are stored using the MD5 hashing algorithm without a per-password salt. MD5 is a fast and outdated hash function, and without salting, it allows attackers who obtain the password database to efficiently perform offline dictionary, rainbow-table, or brute-force attacks to recover the original passwords.

Impact Analysis

If an attacker gains access to the password database, they can quickly crack user passwords due to the use of fast, unsalted MD5 hashes. This can lead to unauthorized access to user accounts and potentially compromise the security of the system and sensitive data.

Mitigation Strategies

To mitigate this vulnerability, you should avoid exposing port 8080 to the internet as recommended by Ilevia. Since the vendor has declined to service this vulnerability, restricting external access to the affected service is the primary immediate mitigation step.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34519. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart