CVE-2025-15620
Published: 02 April 2026
Summary
CVE-2025-15620 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It is ranked at the 0.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-7 (Boundary Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Flaw remediation requires applying vendor patches to versions 09.4.05 or 10.3.01, directly eliminating the vulnerability in the web interface.
Denial-of-service protection implements safeguards at entry points to block or mitigate crafted HTTP requests that trigger device reboots.
Boundary protection enforces network segmentation and access controls to limit exposure of the vulnerable web management interface to unauthorized remote attackers.
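The boundary-protection control above comes down to one question a defender can verify: can anything outside the management network reach the switch's web interface at all? The following is an added example written for this page (it is not Belden/HiOS code and does not depend on the vulnerable endpoint); it audits constructed firewall or reverse-proxy log lines for HTTP requests to the management interface that originate outside an assumed management subnet. The one-line-per-request log format, the 10.10.0.0/24 management subnet, and all addresses are assumptions.

```python
"""Audit exposure of a switch's web management interface (added example).

Assumptions (not from the advisory): a firewall or reverse-proxy in front of
the switch logs one line per HTTP request as
    <timestamp> <source-ip> <method> <path> <status>
and 10.10.0.0/24 is the only network allowed to reach the interface.
"""
import ipaddress
from collections import Counter

# Assumed management subnet; anything else is "outside the boundary".
MANAGEMENT_NET = ipaddress.ip_network("10.10.0.0/24")

# Constructed sample log lines (not real traffic). Paths are generic on purpose.
SAMPLE_LOG = """\
2026-04-02T10:00:01Z 10.10.0.5 GET /login 200
2026-04-02T10:00:02Z 10.10.0.5 GET /status 200
2026-04-02T10:00:05Z 198.51.100.23 GET /login 200
2026-04-02T10:00:06Z 198.51.100.23 GET /status 200
2026-04-02T10:00:07Z 203.0.113.9 GET / 401
"""


def parse_line(line):
    """Split one log line into its five fields; raise on malformed input."""
    ts, src, method, path, status = line.split()
    return {
        "ts": ts,
        "src": ipaddress.ip_address(src),
        "method": method,
        "path": path,
        "status": int(status),
    }


def audit_exposure(log_text, allowed_nets):
    """Return [(source_ip, request_count), ...] for every source that reached
    the web interface from outside the allowed networks.

    An empty list means the boundary control held for the period covered by
    the log: no host outside the management network got an HTTP request
    through to the interface, regardless of the response status.
    """
    outside = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if not any(rec["src"] in net for net in allowed_nets):
            outside[str(rec["src"])] += 1
    return sorted(outside.items())


if __name__ == "__main__":
    findings = audit_exposure(SAMPLE_LOG, [MANAGEMENT_NET])
    if findings:
        print("web interface reachable from outside the management network:")
        for src, count in findings:
            print(f"  {src}: {count} request(s)")
    else:
        print("no requests from outside the management network")
```

Any source reported here, even one that only received a 401, is evidence that the segmentation or ACL in front of the interface is not enforcing the boundary; for an unauthenticated denial-of-service flaw the response code does not matter, reachability does.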
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The unauthenticated remote HTTP request triggers application exploitation leading to device reboot and availability loss, directly matching T1499.004.
NVD Description
HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through crafted HTTP requests to cause service disruption and unavailability of the switch.
Deeper analysis
CVE-2025-15620 is a denial-of-service vulnerability (CWE-306) affecting the web interface of the HiOS Switch Platform in versions 09.1.00 prior to 09.4.05 and prior to 10.3.01. It enables remote attackers to trigger an uncontrolled reboot of the affected device by sending a crafted HTTP GET request to a specific endpoint, leading to service disruption and temporary unavailability of the switch. The vulnerability has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H), indicating high severity due to its network accessibility, low attack complexity, lack of required privileges, and high availability impact with changed scope.
Remote, unauthenticated attackers can exploit this vulnerability over the network without user interaction by simply sending the malicious HTTP GET request to the exposed web interface. Successful exploitation causes the switch to reboot immediately, disrupting network services and rendering the device unavailable until it restarts, which could facilitate broader denial-of-service campaigns against dependent infrastructure.
Vendor and third-party advisories, including Belden's PSIRT notice (https://assets.belden.com/m/702a656e81736b04/original/PSIRT-2_Web_Interface_HiOS.pdf) and VulnCheck's analysis (https://www.vulncheck.com/advisories/hios-switch-platform-denial-of-service-via-web-interface), detail mitigation steps, primarily recommending upgrades to HiOS Switch Platform versions 09.4.05 or later and 10.3.01 or later where applicable, along with network segmentation to limit web interface exposure.
Details
- CWE(s)