CVE-2025-24494
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Path traversal may allow remote code execution using privileged account (requires device admin account, cannot be performed by a regular user). In combination with the 'Upload' functionality this could be used to execute an arbitrary script or possibly an uploaded binary. Remediation in Version 6.7.0, release date: 20-Oct-24.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Keysight | Ixia Vision Product Family | 6.3.1 | affected |
Weaknesses
- CWE-22: CWE-22 Path Traversal
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02
- https://www.keysight.com/us/en/contact.html
- https://support.ixiacom.com/
- https://support.ixiacom.com/support-overview/product-support/downloads-updates
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.