CVE-2025-0432

Summary

EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage.

Affected Software

VendorProductVersion RangeStatus
HMS NetworksEwon Flexy 202Allaffected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

Workarounds

To ensure the highest level of security when using the Ewon Flexy device, HMS strongly recommend following these best practices:

For further information, please visit the HMS Security Advisories https://www.hms-networks.com/cyber-security  page.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References