What is CVE-2018-25236?

CVE-2018-25236 is a critical-severity vulnerability in Belden Hirschmann Hios, classified under Improper Authentication. CVSS score: 9.8/10. Published 2026-04-03.

How severe is CVE-2018-25236?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Belden Hirschmann Hios

CVE-2018-25236

Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administra…

Vulnerability class: Broken Authentication

EPSS: 0.000 (1.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Belden Hirschmann Hios — versions 0, 0, 0
Belden Hirschmann Hisecos Eagle — versions 0, 03.0.03

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

Frequently asked questions

What is CVE-2018-25236?: CVE-2018-25236 is a critical-severity vulnerability in Belden Hirschmann Hios, classified under Improper Authentication. CVSS score: 9.8/10. Published 2026-04-03.
How severe is CVE-2018-25236?: Critical severity. CVSS v3 base score is 9.8 out of 10.