CVE-2025-15620 HIGH

CVE-2025-15620: HiOS Switch Platform Denial-of-Service via Web Interface

Vendor Belden
Product Hirschmann HiOS Switch Platform
Weakness CWE-306 · Missing auth
Published April 2, 2026
Last update May 25, 2026

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Changed
Confidentiality None
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01 Description

HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through crafted HTTP requests to cause service disruption and unavailability of the switch.
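For inventory triage against the version ranges stated above, the following added example (not vendor or advisory code) classifies firmware version strings as inside or outside the affected ranges. The device names, the sample versions and the assumption that the version appears as `MM.m.pp` inside the inventory string are constructed for illustration.

```python
import re

# Affected ranges as stated in the description (inclusive on both ends).
AFFECTED_RANGES = [
    ((9, 1, 0), (9, 4, 4)),    # 09.1.00 through 09.4.04
    ((10, 0, 0), (10, 3, 0)),  # 10.0.00 through 10.3.00
]

# Assumption: the firmware version appears as MM.m.pp somewhere in the
# inventory string, possibly with a prefix in front of it.
_VERSION_RE = re.compile(r"(?<!\d)(\d{1,2})\.(\d{1,2})\.(\d{1,2})(?!\d)")


def parse_version(text):
    """Return (major, minor, patch) as integers, or None if none is found."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version_text):
    """Return 'affected', 'not-in-range' or 'unknown' for one version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # unparsable: review by hand, do not assume safe
    for low, high in AFFECTED_RANGES:
        if low <= v <= high:  # tuple comparison, boundaries included
            return "affected"
    return "not-in-range"  # outside the listed ranges; says nothing more


def triage(inventory):
    """Map each device name to its classification."""
    return {name: classify(ver) for name, ver in inventory.items()}


# Constructed sample inventory (hypothetical device names and versions).
SAMPLE_INVENTORY = {
    "sw-core-01": "09.4.04",
    "sw-core-02": "HiOS-2A-10.3.00",
    "sw-edge-01": "09.5.00",
    "sw-edge-02": "10.3.01",
    "sw-edge-03": "08.7.02",
    "sw-lab-01": "n/a",
}

if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device:12} {SAMPLE_INVENTORY[device]:18} {status}")
```

Devices reported as `unknown` need a manual version check, since an unreadable version string is not evidence that the device is outside the affected ranges.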

Key dates

02 Disclosure timeline

April 2, 2026 CVE published
May 25, 2026 Record updated