Title: Ilevia EVE X1/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm Advisory ID: ZSL-2025-5964 Type: Local/Remote Impact: Security Bypass Risk: 3/5 Release Date: 06.11.2025 Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly customizable, user-friendly interface. Description The application stores user passwords in the database using the MD5 hashing algorithm, which is considered cryptographically insecure due to its vulnerability to collision and brute-force attacks. MD5 lacks modern protections such as salting and computational hardness, making it trivial for attackers to crack password hashes using precomputed rainbow tables or GPU-accelerated dictionary attacks. Vendor Ilevia Srl. -  Affected Version References [1]  [2]  Changelog [06.11.2025] - Initial release Contact Zero Science Lab Web:  e-mail: lab@zeroscience.mk