CVE-2026-25817

Name of the Vulnerable Software and Affected Versions HMS Networks Ewon Flexy versions prior to 15.0s4 HMS Networks Ewon Cosy+ versions 22.xx prior to 22.1s6 HMS Networks Ewon Cosy+ versions 23.xx prior to 23.0s3

Description The software contains improper neutralization of special elements used in an OS command, which could allow remote code execution. An attacker with low privilege access on the gateway, who has credentials, can exploit this issue.

Recommendations Update HMS Networks Ewon Flexy to version 15.0s4 or later. Update HMS Networks Ewon Cosy+ to version 22.1s6 or later. Update HMS Networks Ewon Cosy+ to version 23.0s3 or later.