HiOS Switch Platform Denial-of-Service via Web Interface

Advisories

HiOS Switch Platform Denial-of-Service via Web Interface

severity: critical
date: 4/2/2026
Affecting: Hirschmann HiOS Switch Platform 9.1.00 < 9.4.05, 10.3.01
CVE: CVE-2025-15620
CWE: CWE-306 Missing Authentication for Critical Function
CVSS: 9.2
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
References: Belden Security Advisories
Description: HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contains a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through crafted HTTP requests to cause service disruption and unavailability of the switch.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo