CVE-2025-51540
📋 TL;DR
EzGED3 3.5.0 uses MD5 double-hashing without salting for password storage, making stored credentials vulnerable to offline brute-force attacks if password hashes are obtained. This affects all users of vulnerable versions where password databases could be accessed. Attackers can efficiently crack passwords using rainbow tables or GPU acceleration.
💻 Affected Systems
- EzGED3
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full credential compromise leading to unauthorized administrative access, data theft, and potential lateral movement within affected systems.
Likely Case
Credential harvesting and reuse attacks if password databases are exposed, potentially enabling account takeover.
If Mitigated
Limited impact if proper access controls prevent hash disclosure and strong unique passwords are used.
🎯 Exploit Status
Exploitation requires access to password hashes; no authentication bypass is needed for hash cracking once obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.5.72.27183
Vendor Advisory: https://ballpoint.fr/en/blog/ezged3-preauth-file-read-admin-takeover
Restart Required: No
Instructions:
1. Back up the current installation.
2. Download and install version 3.5.72.27183 from the vendor.
3. Verify that the update completes successfully.
4. Consider forcing password resets for all users.
🔧 Temporary Workarounds
Force Password Reset
Require all users to change their passwords after patching so that new hashes are generated with the updated algorithm.
Admin panel: Force password reset for all users
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized access to password databases.
- Enforce strong password policies and monitor for unusual authentication attempts.
🔍 How to Verify
Check if Vulnerable:
Check the EzGED3 version in the admin interface or configuration files; versions from 3.5.0 up to, but not including, 3.5.72.27183 are vulnerable.
Check Version:
Check admin dashboard or config files for version number.
Verify Fix Applied:
Confirm the version is 3.5.72.27183 or later in the admin panel; verify that password hashing uses a secure algorithm (not MD5).
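One way to carry out the hashing check above, as an added example that is not from the vendor or from this page's source: it flags stored values that are MD5-shaped and users who share an identical hash, which is the visible signature of unsalted hashing. The double-MD5 composition (MD5 over the inner hex digest), the username-to-hash table layout and PBKDF2-HMAC-SHA256 as the replacement are assumptions; the page does not name the algorithm used by the patched release.

```python
import hashlib
import hmac
import os
import re
from collections import Counter

PBKDF2_ROUNDS = 600_000  # assumed work factor for the replacement scheme
MD5_SHAPED = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)

def legacy_double_md5(password):
    """Unsalted MD5(MD5(pw)); hashing the inner hex digest is an assumption."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5(inner.encode()).hexdigest()

def salted_hash(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a random per-user salt, stored with the digest."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2-sha256${PBKDF2_ROUNDS}${salt.hex()}${dk.hex()}"

def verify_salted(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    _scheme, _rounds, salt_hex, _dk = stored.split("$")
    candidate = salted_hash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)

def audit(rows):
    """rows maps username -> stored hash.
    Returns (users whose hash is MD5-shaped, users sharing a hash with another)."""
    counts = Counter(rows.values())
    md5_shaped = sorted(u for u, h in rows.items() if MD5_SHAPED.match(h))
    shared = sorted(u for u, h in rows.items() if counts[h] > 1)
    return md5_shaped, shared

# Constructed sample data: alice and bob chose the same password.
SAMPLE_PASSWORDS = {"alice": "Winter2025!", "bob": "Winter2025!", "carol": "tr0ub4dor&3"}

def build_table(hash_fn):
    """Hash every sample password with the given scheme."""
    return {user: hash_fn(pw) for user, pw in SAMPLE_PASSWORDS.items()}

if __name__ == "__main__":
    print("before patch:", audit(build_table(legacy_double_md5)))
    print("after reset: ", audit(build_table(salted_hash)))
```

Any user still listed by `audit` after the forced reset has a hash that was never regenerated and should be reset again.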
📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts from single source
- Unusual access to user database files
Network Indicators:
- Suspicious requests to password-related endpoints
- Unexpected database export activities
SIEM Query:
source="ezged3" AND (event="failed_login" OR event="db_access")