CVE-2025-34519 — HIGH (7.5)

Q: How severe is CVE-2025-34519?

CVE-2025-34519 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-34519?

Check the references section above for vendor advisories and patch information. Affected products include: Ilevia Eve X1 Server Firmware, Ilevia Eve X1 Server.

Vulnerability Description

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can efficiently perform offline dictionary, rainbow‑table, or brute‑force attacks to recover the original passwords. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ilevia	Eve X1 Server Firmware	<= 4.7.18.0
Ilevia	Eve X1 Server	-

Related Weaknesses (CWE)

CWE-327

References

FAQ

What is CVE-2025-34519?

CVE-2025-34519 is a vulnerability with a CVSS score of 7.5 (HIGH). Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password sal...

How severe is CVE-2025-34519?

CVE-2025-34519 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-34519?

Check the references section above for vendor advisories and patch information. Affected products include: Ilevia Eve X1 Server Firmware, Ilevia Eve X1 Server.