CVE-2025-15620— HiOS Switch Platform Denial-of-Service via Web Interface
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-15620
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HiOS Switch Platform Denial-of-Service via Web Interface
Source: NVD (National Vulnerability Database)
Vulnerability Description
HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contains a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through crafted HTTP requests to cause service disruption and unavailability of the switch.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Belden Hirschmann HiOS Switch Platform 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Belden Hirschmann HiOS Switch Platform是美国Belden公司的一款工业以太网交换机操作系统平台。 Belden Hirschmann HiOS Switch Platform 09.4.05之前版本和10.3.01存在安全漏洞,该漏洞源于Web接口存在拒绝服务漏洞,可能导致远程攻击者通过向特定端点发送恶意HTTP GET请求来重启受影响设备。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Belden | Hirschmann HiOS Switch Platform | 09.1.00 ~ 09.4.05 | - |
II. Public POCs for CVE-2025-15620
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-15620
请登录查看更多情报信息。
Same Patch Batch · Belden · 2026-04-02 · 6 CVEs total
| CVE-2024-14034 | 9.8 CRITICAL | Hirschmann HiEOS Authentication Bypass via HTTP Management Module |
| CVE-2023-7342 | 8.8 HIGH | Belden HiSecOS Web Server Privilege Escalation |
| CVE-2023-7343 | 7.8 HIGH | Belden Industrial HiVision Arbitrary Code Execution via Malicious Project File |
| CVE-2024-14033 | 7.5 HIGH | Hirschmann EagleSDV Denial of Service via TLS |
| CVE-2022-4986 | 7.5 HIGH | Hirschmann EagleSDV Denial of Service via TLS |
IV. Related Vulnerabilities
Same vendor: Belden
- CVE-2017-20234
GarrettCom Magnum 6K and 10K Authentication Bypass via Hardc - CVE-2017-20233
Hirschmann HiLCOS Layer-2 Firewall Multicast Broadcast Traff - CVE-2018-25236
Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Manag - CVE-2021-4477
Hirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall Bypass - CVE-2017-20238
Hirschmann Industrial HiVision Improper Authorization Privil
Same weakness: CWE-306
- CVE-2021-47940
WordPress Download From Files 1.48 Arbitrary File Upload - CVE-2021-47936
OpenCATS 0.9.4 Remote Code Execution via Resume Upload - CVE-2021-47933
WordPress MStore API 2.0.6 Arbitrary File Upload - CVE-2026-8185
UGREEN CM933 Administrative missing authentication - CVE-2026-42302
FastGPT: Unauthenticated Remote Code Execution (RCE) via cod
V. Comments for CVE-2025-15620
No comments yet