CVE-2025-51540 Information

Aug 20, 2025 cve

Description

EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5(md5(password)). This hashing method is cryptographically weak and allows attackers to perform efficient offline brute-force attacks if password hashes are disclosed. The lack of salting and use of a fast outdated algorithm makes it feasible to recover plaintext credentials using precomputed tables or GPU-based cracking tools. The vendor states that the issue is fixed in 3.5.72.27183.

Reference

https://ballpoint.fr/en/blog/ezged3-preauth-file-read-admin-takeover

CNNVD-202508-2115 (Published: 2025-08-19)

Share on:

CVE-2025-51540 Information

Description

Reference

Related CNNVD