PatchSiren cyber security CVE debrief
CVE-2025-23416 Keysight CVE debrief
CVE-2025-23416 is a path traversal flaw in the Keysight Ixia Vision Product Family that may allow arbitrary file deletion. The advisory notes that the issue was scored without the least-privilege principle violation and that, in combination with other issues, it could help further compromise the device. Keysight states remediation is available in version 6.8.0, and recommends upgrading from older releases as soon as possible.
- Vendor: Keysight
- Product: Ixia Vision Product Family
- CVSS: MEDIUM 4.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-04
- Original CVE updated: 2025-09-30
- Advisory published: 2025-03-04
- Advisory updated: 2025-09-30
Who should care
Administrators and operators of Keysight Ixia Vision Product Family deployments, especially systems identified as version 6.3.1 or other older releases. Industrial control system defenders responsible for patch management, device hardening, and change control should also prioritize this advisory.
Technical summary
The CISA CSAF advisory for CVE-2025-23416 identifies a path traversal condition affecting Keysight Ixia Vision Product Family: 6.3.1. The stated impact is arbitrary deletion of files. The advisory’s CVSS 3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N, reflecting that exploitation requires high privileges and primarily affects integrity. The vendor recommends upgrading to the latest software, with remediation available in version 6.8.0 released on 2025-03-01.
Defensive priority
Medium: prioritize patching to version 6.8.0 during the next maintenance window, with higher urgency for systems exposed to untrusted users or used in sensitive ICS environments.
Recommended defensive actions
- Upgrade Keysight Ixia Vision Product Family to version 6.8.0 or later as soon as operationally feasible.
- Remove or restrict access to older software versions, consistent with the vendor recommendation to discontinue use of older releases.
- Limit administrative privileges and review who can reach device management functions, since the advisory’s CVSS vector requires high privileges.
- Verify backups and recovery procedures for affected systems so file deletion has a lower operational impact.
- Monitor vendor and CISA advisory updates for any additional affected versions or related issues.
Evidence notes
This debrief is based on the CISA CSAF source advisory and linked official references. The source identifies the affected product as Keysight Ixia Vision Product Family: 6.3.1, describes the issue as path traversal leading to arbitrary file deletion, and states that remediation is available in version 6.8.0 released on 2025-03-01. The published CVSS 3.1 vector is included in the source advisory.
Official resources
- CVE-2025-23416 CVE record (CVE.org)
- CVE-2025-23416 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the advisory for CVE-2025-23416 on 2025-03-04. The advisory was later revised on 2025-09-30 as Update A, which added CVE-2025-24525.