Vulnerability Description
EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage.
CVSS Score
5.7
MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Related Weaknesses (CWE)
References
- https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/ewon/
- https://support.hms-networks.com/hc/en-us/articles/19393244940818-How-to-block-a
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-06
- https://www.hms-networks.com/cyber-security
FAQ
What is CVE-2025-0432?
CVE-2025-0432 is a vulnerability with a CVSS score of 5.7 (MEDIUM). EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage.
How severe is CVE-2025-0432?
CVE-2025-0432 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-0432?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.