Advisory

Multiple flaws fixed in Keysight Technologies Ixia Vision

Take action: This is not a panic mode patch. Make sure your Ixia Vision is isolated and accessible only from trusted networks. Then plan a regular patch process. Just don't ignore it.



Keysight Technologies' Ixia Vision product family has been found to contain multiple security vulnerabilities. Ixia Vision is a network visibility management solution that provides tools for optimizing performance and enhancing monitoring across network environments.

According to a newly issued alert from the Cybersecurity and Infrastructure Security Agency (CISA), these flaws expose devices to various risks including remote code execution, unauthorized file downloads, and system crashes.

The NATO Cyber Security Centre first reported these vulnerabilities to Keysight, identifying four distinct security issues that could potentially compromise network infrastructure.

  • CVE-2025-24494 (CVSS score 8.6): A path traversal vulnerability that could allow attackers to execute arbitrary scripts or binaries using administrative privileges, potentially leading to full system compromise.
  • CVE-2025-24521 (CVSS score 6.9): An improper restriction of XML external entity references that could enable attackers to remotely download unauthorized files.
  • CVE-2025-21095 (CVSS score 6.9): A path traversal vulnerability that could be used to download or delete files arbitrarily.
  • CVE-2025-23416 (CVSS score 6.9): An additional path traversal vulnerability contributing to data integrity issues and service disruptions.

CISA's advisory warned that "Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution."

Keysight Technologies has acknowledged the vulnerabilities and released security patches. Organizations using the affected devices are urged to:

  1. Upgrade to version 6.7.0 or later for CVE-2025-24494
  2. Upgrade to version 6.8.0 for CVE-2025-24521, CVE-2025-21095, and CVE-2025-23416