{"id":25009,"date":"2025-11-06T09:38:03","date_gmt":"2025-11-06T09:38:03","guid":{"rendered":"http:\/\/localhost\/?p=25009"},"modified":"2025-11-06T09:38:03","modified_gmt":"2025-11-06T09:38:03","slug":"ilevia-eve-x1x5-server-47180eden-insecure-hashing-algorithm","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=25009","title":{"rendered":"Ilevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm_ZSL-2025-5964"},"content":{"rendered":"

{“lastseen”:”2025-11-06T15:17:41″,”description”:”Title: Ilevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm Advisory ID:…”,”published”:”2025-11-06T00:00:00″,”modified”:”2025-11-06T00:00:00″,”type”:”zeroscience”,”title”:”Ilevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm”,”source”:””,”references”:””,”id”:”ZSL-2025-5964″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-34519″],”sourceData”:”\\u003chtml\\u003e\\u003cbody\\u003e\\u003cp\\u003eIlevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm\\r\\n\\r\\n\\r\\nVendor: Ilevia Srl.\\r\\nProduct web page: https:\/\/www.ilevia.com\\r\\nAffected version: \\u0026lt;= 4.7.18.0.eden (Logic ver: 6.00)\\r\\n\\r\\nSummary: EVE is a smart home and building automation solution designed\\r\\nfor both residential and commercial environments, including malls, hotels,\\r\\nrestaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive\\r\\ncontrol and monitoring of electrical installations through a highly customizable,\\r\\nuser-friendly interface.\\r\\n\\r\\nEVE is a multi-protocol platform that integrates various systems within\\r\\na smart building to enhance comfort, security, safety, and energy efficiency.\\r\\nUsers can manage building functions via iPhone, iPad, Android devices, Windows\\r\\nPCs, or Mac computers.\\r\\n\\r\\nThe EVE X1 Server is the dedicated hardware solution for advanced building\\r\\nautomation needs. Compact and powerful, it is ideal for apartments, small\\r\\nto medium-sized homes, and smaller commercial installations. It is designed\\r\\nto manage entire automation systems reliably and efficiently.\\r\\n\\r\\nDesc: The application stores user passwords in the database using the MD5 hashing\\r\\nalgorithm, which is considered cryptographically insecure due to its vulnerability\\r\\nto collision and brute-force attacks. MD5 lacks modern protections such as salting\\r\\nand computational hardness, making it trivial for attackers to crack password hashes\\r\\nusing precomputed rainbow tables or GPU-accelerated dictionary attacks.\\r\\n\\r\\nTested on: GNU\/Linux 5.4.35 (armv7l)\\r\\n GNU\/Linux 4.19.97 (armv7l)\\r\\n Armbian 20.02.1 Buster\\r\\n Apache\/2.4.38 (Debian)\\r\\n PHP Version 7.3.14\\r\\n\\r\\n\\r\\nVulnerability discovered by Gjoko ‘LiquidWorm’ Krstic\\r\\n @zeroscience\\r\\n\\r\\n\\r\\nAdvisory ID: ZSL-2025-5964\\r\\nAdvisory URL: https:\/\/www.zeroscience.mk\/en\/vulnerabilities\/ZSL-2025-5964.php\\r\\nCVE ID: CVE-2025-34519\\r\\nCVE URL: https:\/\/www.cve.org\/CVERecord?id=CVE-2025-34519\\r\\n\\r\\n\\r\\n01.05.2024\\r\\n\\r\\n–\\r\\n\\r\\n\\r\\nsqlite\\u0026gt; .open bh.data.eden\\r\\nsqlite\\u0026gt; .tables\\r\\nEDEN_CUSTOMDATA EDEN_PARAMETERS EDEN_VERSION\\r\\nEDEN_GATEWAYS EDEN_USERS\\r\\nsqlite\\u0026gt; select user,password from EDEN_USERS;\\r\\n__eve_event__|31fbf6c7905dfe020e872e648b93cce0\\r\\nroot|31fbf6c7905dfe020e872e648b93cce0\\r\\nadmin|5f4dcc3b5aa765d61d8327deb882cf99\\r\\nmap|25f9e794323b453885f5181f1b624d0b\\r\\nsqlite\\u0026gt; .q\\r\\n\\u003c\/p\\u003e\\u003c\/body\\u003e\\u003c\/html\\u003e”,”sourceHref”:”http:\/\/zeroscience.mk\/codes\/ilevia_hash.txt”,”cvss”:{“score”:8.2,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:P\/PR:N\/UI:N\/VC:H\/SC:N\/VI:N\/SI:N\/VA:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”http:\/\/zeroscience.mk\/en\/vulnerabilities\/ZSL-2025-5964.php”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-11-06T15:17:41″,”description”:”Title: Ilevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm Advisory ID:…”,”published”:”2025-11-06T00:00:00″,”modified”:”2025-11-06T00:00:00″,”type”:”zeroscience”,”title”:”Ilevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm”,”source”:””,”references”:””,”id”:”ZSL-2025-5964″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-34519″],”sourceData”:”\\u003chtml\\u003e\\u003cbody\\u003e\\u003cp\\u003eIlevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm\\r\\n\\r\\n\\r\\nVendor:…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,77,12,15,13,7,11,5,107],"class_list":["post-25009","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-82","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability","tag-zeroscience"],"yoast_head":"\nIlevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm_ZSL-2025-5964 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=25009\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ilevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm_ZSL-2025-5964 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-11-06T15:17:41″,”description”:”Title: Ilevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm Advisory ID:…”,”published”:”2025-11-06T00:00:00″,”modified”:”2025-11-06T00:00:00″,”type”:”zeroscience”,”title”:”Ilevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm”,”source”:””,”references”:””,”id”:”ZSL-2025-5964″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-34519″],”sourceData”:”u003chtmlu003eu003cbodyu003eu003cpu003eIlevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing AlgorithmrnrnrnVendor:...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=25009\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-06T09:38:03+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=25009#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=25009\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Ilevia EVE X1\\\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm_ZSL-2025-5964\",\"datePublished\":\"2025-11-06T09:38:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=25009\"},\"wordCount\":587,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-8.2\",\"exploit\",\"HIGH\",\"news\",\"Security\",\"tapic\",\"Vulnerability\",\"zeroscience\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=25009#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=25009\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=25009\",\"name\":\"Ilevia EVE X1\\\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm_ZSL-2025-5964 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-11-06T09:38:03+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=25009#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=25009\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=25009#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ilevia EVE X1\\\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm_ZSL-2025-5964\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ilevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm_ZSL-2025-5964 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=25009","og_locale":"en_US","og_type":"article","og_title":"Ilevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm_ZSL-2025-5964 - zero redgem","og_description":"{“lastseen”:”2025-11-06T15:17:41″,”description”:”Title: Ilevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm Advisory ID:…”,”published”:”2025-11-06T00:00:00″,”modified”:”2025-11-06T00:00:00″,”type”:”zeroscience”,”title”:”Ilevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm”,”source”:””,”references”:””,”id”:”ZSL-2025-5964″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-34519″],”sourceData”:”u003chtmlu003eu003cbodyu003eu003cpu003eIlevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing AlgorithmrnrnrnVendor:...","og_url":"https:\/\/zero.redgem.net\/?p=25009","og_site_name":"zero redgem","article_published_time":"2025-11-06T09:38:03+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=25009#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=25009"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Ilevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm_ZSL-2025-5964","datePublished":"2025-11-06T09:38:03+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=25009"},"wordCount":587,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-8.2","exploit","HIGH","news","Security","tapic","Vulnerability","zeroscience"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=25009#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=25009","url":"https:\/\/zero.redgem.net\/?p=25009","name":"Ilevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm_ZSL-2025-5964 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-11-06T09:38:03+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=25009#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=25009"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=25009#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Ilevia EVE X1\/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm_ZSL-2025-5964"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/25009","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=25009"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/25009\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=25009"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=25009"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=25009"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}