CVE-2025-34519
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-16

Last updated on: 2025-11-06

Assigner: VulnCheck

Description
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can efficiently perform offline dictionary, rainbow‑table, or brute‑force attacks to recover the original passwords. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-16
Last Modified
2025-11-06
Generated
2026-06-16
AI Q&A
2025-10-16
EPSS Evaluated
2026-06-14
NVD
CVE-2025-34519
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ilevia eve_x1_server_firmware to 4.7.18.0 (inc)
ilevia eve_x1_server *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Ilevia EVE X1 Server firmware versions up to 4.7.18.0.eden, where passwords are stored using the MD5 hashing algorithm without a per-password salt. MD5 is a fast and outdated hash function, and without salting, it allows attackers who obtain the password database to efficiently perform offline dictionary, rainbow-table, or brute-force attacks to recover the original passwords.

Impact Analysis

If an attacker gains access to the password database, they can quickly crack user passwords due to the use of fast, unsalted MD5 hashes. This can lead to unauthorized access to user accounts and potentially compromise the security of the system and sensitive data.

Mitigation Strategies

To mitigate this vulnerability, you should avoid exposing port 8080 to the internet as recommended by Ilevia. Since the vendor has declined to service this vulnerability, restricting external access to the affected service is the primary immediate mitigation step.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34519. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart