Ezged3 · Ezged3 · CVE-2025-51540
Name of the Vulnerable Software and Affected Versions:
EzGED3 versions 3.5.0 through 3.5.72.27183
Description:
EzGED3 stores user passwords using an insecure hashing scheme: md5(md5(password)). This hashing method is cryptographically weak, allowing attackers to perform efficient offline brute-force attacks if password hashes are disclosed. The lack of salting and use of a fast, outdated algorithm makes it feasible to recover plaintext credentials using precomputed tables or GPU-based cracking tools.
Recommendations:
Update EzGED3 to version 3.5.72.27183 or later.