CVE-2025-24521
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Keysight | Ixia Vision Product Family | 6.3.1 | affected |
Weaknesses
- CWE-611: CWE-611 Improper Restriction of XML External Entity Reference
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02
- https://www.keysight.com/us/en/contact.html
- https://support.ixiacom.com/
- https://support.ixiacom.com/support-overview/product-support/downloads-updates
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.