CVE-2025-34519
HIGHDescription
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can efficiently perform offline dictionary, rainbow‑table, or brute‑force attacks to recover the original passwords. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.
Is your site exposed to CVE-2025-34519?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ilevia | eve_x1_server_firmware |
| ilevia | eve_x1_server |
References
Frequently Asked Questions
What is CVE-2025-34519? +
How severe is CVE-2025-34519? +
What products are affected by CVE-2025-34519? +
How do I check if I'm vulnerable to CVE-2025-34519? +
Related Vulnerabilities
An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in …
Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used …
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the …
Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows …
Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to …
Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key …