PT-2025-42507 · Unknown · Ilevia Eve X1
Gjoko Krstic · Published 2025-10-16 · Updated 2025-11-06 · CVE-2025-34519
CVSS v4.0: 8.2 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Ilevia EVE X1 Server firmware versions prior to 4.7.18.0.eden
Description
The product stores passwords using the MD5 hash function without applying a per-password salt. Because MD5 is fast to compute and the hashes are unsalted, an attacker who obtains the password database can efficiently perform offline dictionary, rainbow-table, or brute-force attacks to recover the original passwords.
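The following added example (not code from the vendor or from this advisory) shows how a defender can audit a credential store for the weakness described above and migrate records on login. The record format, the `ITERATIONS` value, the choice of PBKDF2-HMAC-SHA256 and all function names are assumptions for illustration, and the sample data is constructed.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")  # shape of a bare MD5 hex digest
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor, tune per host

def legacy_md5(password: str) -> str:
    """The weak scheme described above: unsalted MD5 of the password."""
    return hashlib.md5(password.encode()).hexdigest()

def audit_store(records: dict) -> dict:
    """Map each bare-MD5 digest held by more than one account to its users.
    Shared digests mean shared passwords and confirm that no salt is applied."""
    groups = defaultdict(list)
    for user, stored in records.items():
        if MD5_HEX.match(stored):
            groups[stored.lower()].append(user)
    return {d: sorted(u) for d, u in groups.items() if len(u) > 1}

def hash_password(password: str) -> str:
    """Salted, slow replacement record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(16)  # fresh random salt for every password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_and_upgrade(password: str, stored: str):
    """Return (ok, new_record). A legacy MD5 record that verifies is rehashed
    so the caller can overwrite it; new_record is None otherwise."""
    if MD5_HEX.match(stored):
        ok = hmac.compare_digest(legacy_md5(password), stored.lower())
        return ok, (hash_password(password) if ok else None)
    _scheme, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex), None

# Constructed sample store (not data from the affected product).
SAMPLE = {
    "alice": legacy_md5("Spring2025!"),
    "bob": legacy_md5("Spring2025!"),
    "carol": legacy_md5("other-Pass9"),
}

if __name__ == "__main__":
    print("accounts sharing a digest:", audit_store(SAMPLE))
    ok, record = verify_and_upgrade("Spring2025!", SAMPLE["alice"])
    print("login ok:", ok, "| upgraded record:", record)
```

With per-password salts, two accounts with the same password no longer produce the same stored value, so the audit returns nothing for upgraded records.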
Recommendations
Do not expose port 8080 to the internet.
Exploit
Fix
Use of a Broken Cryptographic Algorithm
Weakness Enumeration
Related Identifiers
Affected Products
Ilevia Eve X1