CVE-2025-15620
Published: 02 April 2026
Summary
CVE-2025-15620 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in the Belden HiOS Switch Platform. Its CVSS base score is 9.2 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 39.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).
Deeper analysis
CVE-2025-15620 is a denial-of-service vulnerability (classified as CWE-306, Missing Authentication for Critical Function) affecting the web interface of the HiOS Switch Platform in versions 09.1.00 prior to 09.4.05 and 10.0.00 prior to 10.3.01. It enables remote attackers to trigger an uncontrolled reboot of the affected device by sending a crafted HTTP GET request to a specific endpoint, leading to service disruption and temporary unavailability of the switch. The vulnerability has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H), indicating high severity due to its network accessibility, low attack complexity, lack of required privileges, and high availability impact with changed scope.
Remote, unauthenticated attackers can exploit this vulnerability over the network without user interaction by simply sending the malicious HTTP GET request to the exposed web interface. Successful exploitation causes the switch to reboot immediately, disrupting network services and rendering the device unavailable until it restarts, which could facilitate broader denial-of-service campaigns against dependent infrastructure.
Vendor and third-party advisories, including Belden's PSIRT notice (https://assets.belden.com/m/702a656e81736b04/original/PSIRT-2_Web_Interface_HiOS.pdf) and VulnCheck's analysis (https://www.vulncheck.com/advisories/hios-switch-platform-denial-of-service-via-web-interface), detail mitigation steps, primarily recommending upgrades to HiOS Switch Platform versions 09.4.05 or later and 10.3.01 or later where applicable, along with network segmentation to limit web interface exposure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-209199
Vulnerability details
HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through crafted HTTP requests to cause service disruption and unavailability of the switch.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The unauthenticated remote HTTP request triggers application exploitation leading to device reboot and availability loss, directly matching T1499.004.
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Enforces access control on the web interface endpoint so that unauthenticated HTTP GET requests cannot trigger an uncontrolled reboot.
- SC-7 (Boundary Protection): Boundary protection and network segmentation can restrict exposure of the switch web interface to only authorized management networks.
- Flaw remediation: Requires timely application of vendor patches that close the unauthenticated reboot flaw in HiOS versions prior to 09.4.05/10.3.01.
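The affected-version ranges given in the deeper analysis and in the vulnerability details above, and the patch recommendation in the controls list, are the inputs a defender needs to triage an inventory of HiOS switches. The following is an added example, not code from Belden, VulnCheck or this advisory; the hostnames and versions in the sample inventory are constructed, and the version format is assumed to be the zero-padded three-part scheme the page uses (e.g. 09.4.05).

```python
"""Added inventory check: flag HiOS Switch Platform versions inside the
affected ranges this CVE record lists (not vendor or advisory code)."""
from typing import Iterable, List, Optional, Tuple

# Affected ranges as stated on the page: lower bound inclusive,
# upper bound exclusive (the first fixed release on each branch).
AFFECTED_RANGES = (
    ((9, 1, 0), (9, 4, 5)),    # 09.1.00 through 09.4.04, fixed in 09.4.05
    ((10, 0, 0), (10, 3, 1)),  # 10.0.00 through 10.3.00, fixed in 10.3.01
)


def parse_hios_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse a zero-padded version such as '09.4.05' into (9, 4, 5).
    Returns None on malformed input so a bad inventory row is reported
    rather than silently treated as 'not affected'."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def is_affected(version: str) -> Optional[bool]:
    """True if the version falls inside an affected range, False if not,
    None if the version string could not be parsed."""
    v = parse_hios_version(version)
    if v is None:
        return None
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def triage_inventory(rows: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Map (hostname, version) rows to (hostname, version, status)."""
    out = []
    for host, ver in rows:
        result = is_affected(ver)
        status = ("unparseable" if result is None
                  else "affected" if result else "not affected")
        out.append((host, ver, status))
    return out


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("sw-core-01", "09.1.00"),   # lower bound of the 09.x range
    ("sw-edge-07", "09.4.04"),   # last affected 09.x release
    ("sw-edge-08", "09.4.05"),   # first fixed 09.x release
    ("sw-lab-02", "10.2.09"),    # inside the 10.x range
    ("sw-lab-03", "10.3.01"),    # first fixed 10.x release
    ("sw-old-01", "08.9.00"),    # below the listed ranges
    ("sw-bad-row", "9.4"),       # malformed entry, must be flagged
]

if __name__ == "__main__":
    for host, ver, status in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:12} {ver:8} {status}")
```

Rows reported as "unparseable" need manual review; the check deliberately refuses to classify them rather than guessing.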