LeakyCreds

CVE-2018-25236 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: April 3, 2026

Hirschmann HiOS & HiSecOS - Authentication Bypass

Published: April 3, 2026 | Updated: April 3, 2026 | Remote Exploitable

Overview

Hirschmann HiOS and HiSecOS products contain an authentication bypass caused by improper authentication handling in the HTTP(S) management module, letting unauthenticated remote attackers gain administrative access by crafting special HTTP requests.

Severity & Score

Severity: Critical
CVSS Score: 9.8

Impact

Unauthenticated remote attackers can gain administrative access, leading to full system control.

Mitigation

Update to the latest available version with the authentication fix.

Details

CVE ID: CVE-2018-25236
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: new

CWE

  • CWE-287

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H