CVE-2026-25819

Name of the Vulnerable Software and Affected Versions HMS Networks Ewon Flexy versions prior to 15.0s4 HMS Networks Cosy+ versions 22.xx prior to 22.1s6 HMS Networks Cosy+ versions 23.xx prior to 23.0s3

Description The software allows unauthenticated attackers to cause a Denial of Service. This is achieved by sending a specially crafted HTTP request that results in a device reboot, requiring access to the device’s GUI.

Recommendations Update HMS Networks Ewon Flexy to version 15.0s4 or later. Update HMS Networks Cosy+ to version 22.1s6 or later. Update HMS Networks Cosy+ to version 23.0s3 or later.