Cyber Resilience

CVE-2025-15620

Critical · Public PoC · Updated

Published: 02 April 2026

Modified: 05 June 2026
KEV Added: not listed (see Summary)
Patch: vendor fix available (09.4.05 / 10.3.01)
CVSS v4 Score: 9.2 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0051 (39.5th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2025-15620 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in the Belden HiOS Switch. Its CVSS base score is 9.2 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked at the 39.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2025-15620 is a denial-of-service vulnerability rooted in missing authentication (CWE-306) in the web interface of the HiOS Switch Platform. It affects versions from 09.1.00 prior to 09.4.05 and from 10.0.00 prior to 10.3.01. It enables remote attackers to trigger an uncontrolled reboot of the affected device by sending a crafted HTTP GET request to a specific endpoint, leading to service disruption and temporary unavailability of the switch. The vulnerability has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H), indicating high severity due to its network accessibility, low attack complexity, lack of required privileges, and high availability impact with changed scope.

Remote, unauthenticated attackers can exploit this vulnerability over the network without user interaction by simply sending the malicious HTTP GET request to the exposed web interface. Successful exploitation causes the switch to reboot immediately, disrupting network services and rendering the device unavailable until it restarts, which could facilitate broader denial-of-service campaigns against dependent infrastructure.

Vendor and third-party advisories, including Belden's PSIRT notice (https://assets.belden.com/m/702a656e81736b04/original/PSIRT-2_Web_Interface_HiOS.pdf) and VulnCheck's analysis (https://www.vulncheck.com/advisories/hios-switch-platform-denial-of-service-via-web-interface), detail mitigation steps, primarily recommending upgrades to HiOS Switch Platform versions 09.4.05 or later and 10.3.01 or later where applicable, along with network segmentation to limit web interface exposure.

Vulnerability details

HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through crafted HTTP requests to cause service disruption and unavailability of the switch.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The unauthenticated remote HTTP request triggers application exploitation leading to device reboot and availability loss, directly matching T1499.004.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-55222 (shared CWE-306)
CVE-2018-25241 (shared CWE-306)
CVE-2024-48882 (shared CWE-306)
CVE-2025-55221 (shared CWE-306)
CVE-2018-25246 (shared CWE-306)
CVE-2025-23417 (shared CWE-306)
CVE-2019-25686 (shared CWE-306)
CVE-2026-34731 (shared CWE-306)
CVE-2025-26361 (shared CWE-306)
CVE-2024-8053 (shared CWE-306)

Affected Assets

Belden HiOS Switch: versions 09.1.00 to 09.4.05 · 10.0.00 to 10.3.01

Mitigating Controls (NIST 800-53 r5, AI-mapped)

prevent · AC-3 Access Enforcement: enforces access control on the web interface endpoint so that unauthenticated HTTP GET requests cannot trigger an uncontrolled reboot.

prevent · SC-7 Boundary Protection: boundary protection and network segmentation restrict exposure of the switch web interface to authorized management networks only.

prevent · Patching: requires timely application of vendor patches that close the unauthenticated reboot flaw in HiOS versions prior to 09.4.05/10.3.01.
