Keysight Ixia Vision Product Family (Update A)

Monitor7.5ICS-CERT ICSA-25-063-02Mar 4, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Keysight Ixia Vision Product Family versions 6.3.1 and earlier contain three vulnerabilities: path traversal (CWE-22), XML external entity injection (CWE-611), and cleartext credential storage (CWE-321). These vulnerabilities allow an attacker with network access to read sensitive data from the device or execute arbitrary code remotely without authentication. Successful exploitation could compromise the integrity and confidentiality of data and allow unauthorized command execution on the device.

What this means

What could happen

An attacker with network access could read sensitive data from the Ixia Vision device or execute arbitrary code, potentially compromising network visibility and traffic analysis functions critical to monitoring and troubleshooting your data center or network infrastructure.

Who's at risk

Network monitoring and packet capture device operators, particularly in data centers and network security teams who rely on Ixia Vision for traffic analysis, visibility, and troubleshooting. Any organization using the Ixia Vision Product Family version 6.3.1 or earlier.

How it could be exploited

An attacker on the network sends a malicious request to the Ixia Vision device exploiting one of the vulnerabilities (path traversal, XXE, or credential exposure). No credentials or user interaction are required. The device accepts the request and either exposes configuration/data files or executes the attacker's code with device privileges.

Prerequisites

Network access to the Ixia Vision device (typically on management/data center network)
Device running Ixia Vision version 6.3.1 or earlier
No authentication required for exploitation

remotely exploitableno authentication requiredlow complexityhigh impact (data disclosure and code execution)no patch currently available

Exploitability

Moderate exploit probability (EPSS 1.7%)

Affected products (1)

ProductAffected VersionsFix Status

Ixia Vision Product Family: 6.3.16.3.1No fix (EOL)

Remediation & Mitigation

0/3

Do now

0/2

HARDENINGRestrict network access to Ixia Vision devices by placing them behind firewalls and isolating management interfaces from business networks and Internet

HARDENINGDisable or restrict remote access to Ixia Vision devices; if remote access is necessary, use VPN with current security patches

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Ixia Vision Product Family to the latest available version released by Keysight

CVEs (5)

CVE-2025-24494 CVE-2025-24521 CVE-2025-21095 CVE-2025-23416 CVE-2025-24525

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/92d50f57-bef5-4125-8097-8f9920483c68