CVE-2026-25819

HIGH
2026-03-13 [email protected]
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 13, 2026 - 20:00 vuln.today
CVE Published
Mar 13, 2026 - 19:54 nvd
HIGH 7.5

Tags

Denial Of Service

Description

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they have access to the device's GUI.

Analysis

CVE-2026-25819 is an unauthenticated denial of service vulnerability affecting HMS Networks Ewon industrial IoT gateways (Flexy and Cosy+ models) that allows remote attackers to reboot devices through specially crafted HTTP requests to the web GUI. With a CVSS score of 7.5 (High) but low EPSS score (0.02%), this vulnerability has not been added to CISA KEV and shows minimal exploitation activity in the wild.

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Inventory all HMS Networks Ewon devices and document network exposure. Within 7 days: Implement network segmentation to restrict HTTP access to the web GUI and disable internet-facing access where possible. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0

Share

CVE-2026-25819 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy