Cyber Resilience

CVE-2026-25819

HighDDoS

Published: 13 March 2026

Published
13 March 2026
Modified
27 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0034 57.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-25819 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Windows (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 42.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-25819 is a denial-of-service vulnerability in HMS Networks Ewon Flexy and Cosy+ devices. It affects Ewon Flexy with firmware versions before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3. The flaw enables unauthenticated attackers to trigger a device reboot using a specially crafted HTTP request, provided they can access the device's GUI. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-400 (Uncontrolled Resource Consumption).

Any unauthenticated attacker with network access to the affected device's GUI can exploit this vulnerability. By sending the crafted HTTP request, they cause an immediate reboot, disrupting device availability and potentially impacting operational technology environments where these industrial gateways are deployed.

The HMS Networks security advisory (https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2026-03-09-001---ewon-several-flexy-and-cosy--vulnerabilities.pdf?sfvrsn=f7c027b8_13) addresses this and related vulnerabilities, recommending firmware updates to version 15.0s4 or later for Ewon Flexy, 22.1s6 or later for Cosy+ 22.xx, and 23.0s3 or later for Cosy+ 23.xx as the primary mitigation. Product details are available at https://www.hms-networks.com/p/flexy20500-00ma-ewon-flexy-205.

EU & UK References

Vulnerability details

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to…

more

a reboot of the device, provided they have access to the device's GUI.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

CVE enables unauthenticated exploitation of public-facing HTTP GUI (T1190) to trigger resource exhaustion leading to device reboot/crash (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-39304Shared CWE-400
CVE-2025-27669Shared CWE-400
CVE-2026-21637Shared CWE-400
CVE-2026-27888Shared CWE-400
CVE-2025-59472Shared CWE-400
CVE-2025-40944Shared CWE-400
CVE-2025-24269Shared CWE-400
CVE-2026-46829Shared CWE-400
CVE-2025-59464Shared CWE-400
CVE-2026-30350Shared CWE-400

Affected Assets

Windows
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the firmware flaw causing the DoS reboot via timely identification, testing, and deployment of vendor-recommended updates.

prevent

Provides denial-of-service protections such as rate limiting and resource controls to block crafted HTTP requests that trigger uncontrolled resource consumption and reboots.

prevent

Enforces boundary protections like firewalls to deny unauthenticated network access to the vulnerable device GUI, stopping attackers before they can send the exploit.

References