CVE-2026-25823 · CRITICAL 9.8 · EPSS p49.2%

Description

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauthenticated Remote Code Execution.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.73% probability of exploitation · percentile 49.2% · 2026-06-19T12:03:05Z
Published: 2026-03-13
Last modified: 2026-04-27

Underlying weaknesses · 1

CWE-121

References

  1. https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2026-03-09-001---ewon-several-flexy-and-cosy--vulnerabilities.pdf?sfvrsn=f7c027b8_13
  2. https://www.hms-networks.com/p/flexy20500-00ma-ewon-flexy-205

Type | Target | Confidence | Tier
Weakness | Stack-based Buffer Overflow cwe-121 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-25817
CVE: CVE-2026-25818
CVE: CVE-2026-24465
CVE: CVE-2026-3823
CVE: CVE-2026-25293
CVE: CVE-2026-22550

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.