CVE-2026-25818

Name of the Vulnerable Software and Affected Versions HMS Networks Ewon Flexy versions prior to 15.0s4 HMS Networks Ewon Cosy+ versions 22.xx prior to 22.1s6 HMS Networks Ewon Cosy+ versions 23.xx prior to 23.0s3

Description The affected devices have weak entropy for authentication cookies. This allows an attacker who obtains a session cookie to potentially determine the user password through brute-forcing an encryption parameter.

Recommendations Update HMS Networks Ewon Flexy to version 15.0s4 or later. Update HMS Networks Ewon Cosy+ to version 22.1s6 or later. Update HMS Networks Ewon Cosy+ to version 23.0s3 or later.