External risk intelligence

HiOS Switch Web Interface Reboot Vulnerability.

CVE advisory

Severity: CRITICAL (CVSS 9.2)

CVE-2025-15620

A denial-of-service vulnerability in the HiOS Switch Platform's web interface allows unauthenticated remote attackers to reboot devices via crafted HTTP requests, causing service disruption. This could impact network availability if reachable. Confirmation of affected devices and exposure is recommended.

Halo Surface Signal: 3

Missing Authentication

Belden HiOS Switch

  • 09.1.00 to before 09.4.05
  • 10.0.00 to before 10.3.01

External exposure likelihood

Halo Surface Signal score for CVE-2025-15620

The vulnerability affects the web interface of a network switch. Network switches are primarily managed within internal infrastructure, but their web management interfaces are frequently exposed to internal networks and, in some deployment scenarios, may be accessible from the public internet, although this is not the standard or recommended configuration for such devices.

PCI scan relevance

PCI Relevance for CVE-2025-15620

Yes

CVE-2025-15620 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability allows remote attackers to cause a denial of service by rebooting affected HiOS Switch Platform devices via crafted HTTP requests. Such a loss of service availability is likely to cause a PCI compliance scan failure.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

A denial-of-service vulnerability exists in the HiOS Switch Platform's web interface that could allow remote attackers to reboot devices by sending specially crafted requests, potentially causing service disruption. The main concern is confirming relevance and exposure to our environment.

  • Web interface flaw can cause device reboots.
  • Understand potential for network disruption.
  • Confirm if HiOS switches are in use.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this vulnerability by sending a crafted HTTP GET request to the switch's web interface. This request targets a specific endpoint, and if successful, can cause the affected device to reboot, leading to a denial of service.

  • Accessible via the internet or internal network.
  • Malicious HTTP GET request to a specific endpoint.
  • Uncontrolled reboot and service disruption.

Live Threat

Current exploitation, exposure, and threat context

The HiOS Switch Platform's web interface is vulnerable to remote attackers who can send specially crafted HTTP GET requests to cause an uncontrolled reboot. Per the advisory, this can lead to service disruption and unavailability of the affected switch.

  • Network switch service availability.
  • Unauthenticated remote HTTP request.
  • Device reboots and service disruption.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The HiOS Switch Platform's web interface is susceptible to a denial-of-service vulnerability, allowing remote attackers to trigger device reboots. Responsibility likely falls to infrastructure or platform teams managing network devices, with initial steps involving asset identification, exposure assessment, and determining business criticality. Vendor coordination may be necessary for remediation.

  • Infrastructure teams should own remediation.
  • Verify reachable and critical systems first.
  • Plan coordinated maintenance for fixes.

Frequently asked questions

What is the HiOS Switch Platform and what is it used for?

The HiOS Switch Platform is a product from Belden that functions as a network switch. Network switches are essential hardware components used to connect devices within a computer network, enabling communication and data flow between them.

How does the CVE-2025-15620 vulnerability affect the HiOS Switch Platform?

This vulnerability, classified as CWE-306, allows remote attackers to cause an uncontrolled reboot of the affected device. It is triggered by sending a malicious HTTP GET request to a specific endpoint in the web interface, leading to service disruption.

What are the preconditions for an attacker to exploit this vulnerability?

An attacker can trigger this vulnerability by sending a specially crafted HTTP GET request to the switch's web interface. The vulnerability is not triggered if the attacker cannot send such a request or if the web interface is not accessible.

Who should be concerned about this vulnerability based on its exposure?

This vulnerability is classified as external due to its network attack vector. Organizations should be concerned if their HiOS switches have web interfaces that are accessible from the internet or broadly within their internal networks.

What is the first step to address this vulnerability if I use this technology?

The initial step for those running this technology is to identify all instances of the HiOS Switch Platform within your environment, verify if their web interfaces are exposed, and assess the criticality of these devices to your operations.
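The triage described above (identify HiOS devices, check web interface exposure, weigh criticality) can be run offline against an asset inventory. The following is an added example, not part of the advisory or any vendor tooling; the CSV columns, hostnames and the dotted `MM.m.pp` version format are assumptions, and the inventory rows are constructed.

```python
import csv
import io

# Affected ranges as listed on this page: [first affected, first fixed).
AFFECTED = [((9, 1, 0), (9, 4, 5)), ((10, 0, 0), (10, 3, 1))]
# Assumed exposure labels; lower rank means the web interface is more exposed.
REACH_RANK = {"internet": 0, "internal": 1, "none": 2}

# Constructed inventory: hypothetical hostnames and columns, not real devices.
SAMPLE_INVENTORY = """\
hostname,firmware,web_reach,critical
sw-core-01,09.3.02,internal,yes
sw-edge-07,10.2.00,internet,yes
sw-lab-03,10.3.01,internal,no
sw-plant-12,09.4.05,internet,yes
sw-dist-04,09.1.00,none,no
sw-old-09,08.7.01,internal,no
sw-unk-02,unknown,internal,yes
"""

def parse_version(text):
    """Parse 'MM.m.pp' (e.g. '09.4.05') into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognized firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(version_text):
    """True if the version falls inside a range listed on this page."""
    v = parse_version(version_text)
    return any(lo <= v < hi for lo, hi in AFFECTED)

def triage(inventory_csv):
    """Return (affected hostnames in priority order, hostnames to check by hand)."""
    affected, review = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            if is_affected(row["firmware"]):
                affected.append(row)
        except ValueError:
            review.append(row["hostname"])  # version not recorded or malformed
    # Most exposed first, then business-critical; unknown reach is worst case.
    affected.sort(key=lambda r: (REACH_RANK.get(r["web_reach"], 0),
                                 r["critical"] != "yes", r["hostname"]))
    return [r["hostname"] for r in affected], review

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Devices with an unparseable version are returned separately rather than treated as unaffected, so they are confirmed by hand.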
