CVE-2025-15620

Published: Apr 2, 2026

Modified: May 25, 2026

PUBLISHED

CVSS v3.1

8.6

HIGH

Description

HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through crafted HTTP requests to cause service disruption and unavailability of the switch.

Vendor	Product	Versions
Belden	Hirschmann HiOS Switch Platform	affected `09.1.00 - <= 09.4.05` affected `10.0.00 - <= 10.3.01`

Weaknesses (CWE)

CWE-306

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

References

Belden Security Advisories

vendor-advisory

https://www.vulncheck.com/advisories/hios-switch-platform-denial-of-service-via-web-interface

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-15620

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References