Skip to main content
CybersecurityNetwork Security

Exploring the Keysight Ixia Vision Product Lineup

Exploring the Keysight Ixia Vision Product Lineup

1. EXECUTIVE SUMMARY

  • CVSS v4 Score: 8.6
  • ATTENTION: Vulnerabilities are exploitable remotely with low attack complexity.
  • Vendor: Keysight Technologies
  • Equipment: Ixia Vision Product Family
  • Vulnerabilities Identified: Path Traversal, Improper Restriction of XML External Entity Reference

2. RISK EVALUATION

The successful exploitation of the identified vulnerabilities could lead to severe consequences, including device crashes and potential remote code execution through buffer overflow conditions. This poses significant risks to the integrity and availability of the affected systems.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Keysight has confirmed that the following version of the Ixia Vision Network Packet Broker product family is affected:

  • Ixia Vision Product Family: Version 6.3.1

3.2 VULNERABILITY OVERVIEW

3.2.1 Improper Limitation of a Pathname to a Restricted Directory CWE-22

This vulnerability allows for path traversal, which could enable remote code execution if exploited by a privileged account (device admin required). When combined with the ‘Upload’ functionality, it could facilitate the execution of arbitrary scripts or binaries. A remediation is scheduled for Version 6.7.0, set to release on October 20, 2024.

CVE-2025-24494 has been assigned to this vulnerability, with a CVSS v3.1 base score of 7.2 and a CVSS v4 score of 8.6.

3.2.2 Improper Restriction of XML External Entity Reference CWE-611

This vulnerability allows for external XML entity injection, which can lead to arbitrary file downloads. While the score reflects a lack of least privilege principle violation, it may enable further device compromise when combined with other vulnerabilities. Remediation is planned for Version 6.8.0, expected on March 1, 2025.

CVE-2025-24521 has been assigned, with a CVSS v3.1 base score of 4.9 and a CVSS v4 score of 6.9.

3.2.3 Improper Limitation of a Pathname to a Restricted Directory CWE-22

This vulnerability also allows for path traversal, potentially leading to arbitrary file downloads. Similar to the previous vulnerabilities, it may facilitate further device compromise. Remediation is scheduled for Version 6.8.0, releasing on March 1, 2025.

CVE-2025-21095 has been assigned, with a CVSS v3.1 base score of 4.9 and a CVSS v4 score of 6.9.

3.2.4 Improper Limitation of a Pathname to a Restricted Directory CWE-22

This vulnerability may lead to arbitrary file deletion through path traversal. Remediation is also planned for Version 6.8.0, set for March 1, 2025.

CVE-2025-23416 has been assigned, with a CVSS v3.1 base score of 4.9 and a CVSS v4 score of 6.9.

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Information Technology
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

The vulnerabilities were reported to Keysight by the NATO Cyber Security Centre (NCSC).

4. MITIGATIONS

Keysight strongly recommends that all users upgrade to the latest software version as soon as possible. Users should discontinue the use of older software versions that may contain these vulnerabilities.

For further information regarding the Ixia Vision Product Family, please visit Ixia product support.

For additional inquiries, users can contact Keysight.

CISA recommends implementing defensive measures to minimize the risk of exploitation of these vulnerabilities, including:

  • Minimize network exposure: Ensure that all control system devices are not accessible from the Internet.
  • Network isolation: Place control system networks and remote devices behind firewalls, isolating them from business networks.
  • Secure remote access: When remote access is necessary, utilize secure methods such as virtual private networks (VPNs), while recognizing that VPNs may have vulnerabilities and should be kept updated.

CISA emphasizes the importance of conducting proper impact analysis and risk assessment before deploying defensive measures.

Organizations are encouraged to follow CISA’s recommended practices for control systems security, which can be found on the CISA website.

Organizations observing suspected malicious activity should adhere to established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also advises users to protect themselves from social engineering attacks by:

  • <strong