Description

EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5(md5(password)). This hashing method is cryptographically weak and allows attackers to perform efficient offline brute-force attacks if password hashes are disclosed. The lack of salting and use of a fast, outdated algorithm makes it feasible to recover plaintext credentials using precomputed tables or GPU-based cracking tools. The vendor states that the issue is fixed in 3.5.72.27183.

INFO

Published Date :

2025-08-19T00:00:00.000Z

Last Modified :

2025-08-19T19:59:17.703Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-51540 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-51540.

URL Resource
https://ballpoint.fr/en/blog/ezged3-preauth-file-read-admin-takeover cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System