CVE-2025-15620
Denial-of-Service in HiOS Switch Web Interface Causes Reboot
Publication date: 2026-04-02
Last updated on: 2026-04-03
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hios | switch_platform | to 09.4.05 (exc) |
| hios | switch_platform | 10.3.01 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the HiOS Switch Platform's web interface, where a remote attacker can send a specially crafted HTTP GET request to a specific endpoint.
This malicious request causes the affected device to reboot uncontrollably, leading to a denial-of-service condition.
In other words, an attacker can disrupt the normal operation of the switch by forcing it to restart repeatedly through these crafted HTTP requests.
How can this vulnerability impact me?
This vulnerability can cause service disruption and unavailability of the affected switch device.
Since the device can be remotely rebooted repeatedly by an attacker, network services relying on the switch may experience downtime.
This can impact network reliability, availability of critical services, and potentially lead to operational interruptions.