PatchSiren cyber security CVE debrief
CVE-2025-24494 Keysight CVE debrief
CVE-2025-24494 affects the Keysight Ixia Vision Product Family and is rated HIGH (CVSS 7.2). The advisory says the issue is a path traversal vulnerability that may enable remote code execution when an attacker already has a privileged device admin account. Keysight also notes that, combined with the product’s Upload functionality, the flaw could be used to execute an arbitrary script or possibly upload a binary. A fixed release is available in version 6.7.0, which was released on October 20, 2024.
- Vendor: Keysight
- Product: Ixia Vision Product Family
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-04
- Original CVE updated: 2025-09-30
- Advisory published: 2025-03-04
- Advisory updated: 2025-09-30
Who should care
Organizations running Keysight Ixia Vision Product Family version 6.3.1 or other older releases, especially teams that manage device admin accounts or expose the product to users who can interact with upload features.
Technical summary
The source advisory describes a path traversal flaw in Keysight Ixia Vision Product Family. Exploitation requires a device admin account; the advisory explicitly says it cannot be performed by a regular user. In combination with the Upload functionality, an attacker with that privileged access may be able to execute an arbitrary script or possibly upload a binary. The affected product listed in the CSAF is Keysight Ixia Vision Product Family: 6.3.1, and remediation is available in version 6.7.0.
Defensive priority
High for environments running affected versions, but practical exposure is reduced by the requirement for a privileged device admin account. Prioritize remediation where admin access is broadly available or where the product is operationally critical.
Recommended defensive actions
- Upgrade Keysight Ixia Vision Product Family to version 6.7.0 or later as soon as possible.
- Discontinue use of older affected software versions, per the vendor guidance.
- Restrict and review access to device admin accounts; use least privilege and strong authentication.
- Review use of the Upload functionality and limit it to trusted administrative workflows.
- Monitor for unexpected file path handling or anomalous upload activity on affected systems.
- Use vendor support channels for product-specific remediation guidance if upgrade planning is needed.
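As an added illustration (not Keysight's code, and not based on the product's real log format, which is an assumption here), the Python below shows the two defensive checks the recommendations above imply: confining an uploaded file's destination to the intended upload directory so a client-supplied name cannot traverse out of it, and reviewing constructed upload-audit lines for traversal sequences or binary uploads made by device admin accounts, the privileged path the advisory describes.

```python
import os
import re

# Constructed upload-audit lines; the field layout is an assumption for this
# example, not the Ixia Vision product's real log format.
SAMPLE_LOG = """\
2025-03-05T10:01:02Z user=admin1 role=device_admin action=upload name=config.txt
2025-03-05T10:02:17Z user=admin1 role=device_admin action=upload name=../../etc/cron.d/job
2025-03-05T10:03:40Z user=viewer2 role=user action=upload name=report.csv
2025-03-05T10:04:09Z user=admin3 role=device_admin action=upload name=tool.bin
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"action=upload name=(?P<name>\S+)$"
)
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # a '..' path segment
BINARY_EXTS = {".bin", ".so", ".elf", ".exe", ".sh"}


def safe_upload_path(upload_root: str, client_name: str) -> str:
    """Return the canonical destination for an uploaded file, or raise
    ValueError if the client-supplied name could leave upload_root."""
    # First layer: the name must be a single path component with no '..'.
    if not client_name or "/" in client_name or "\\" in client_name or TRAVERSAL_RE.search(client_name):
        raise ValueError(f"rejected upload name: {client_name!r}")
    # Second layer: resolve symlinks and '..' and confirm containment.
    root = os.path.realpath(upload_root)
    dest = os.path.realpath(os.path.join(root, client_name))
    if os.path.commonpath([root, dest]) != root:
        raise ValueError(f"path escapes upload root: {client_name!r}")
    return dest


def flag_upload_lines(log_text: str) -> list:
    """Return (user, name, reason) tuples for lines worth an analyst's attention:
    a traversal sequence from any account, or a binary upload by a device admin,
    which is the privileged precondition the advisory names."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        name, role, user = m["name"], m["role"], m["user"]
        if TRAVERSAL_RE.search(name):
            findings.append((user, name, "path traversal sequence"))
        elif role == "device_admin" and os.path.splitext(name)[1].lower() in BINARY_EXTS:
            findings.append((user, name, "binary upload by device admin"))
    return findings
```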
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-063-02 and the source item provided in the corpus. The advisory states the vulnerability requires a privileged device admin account and notes remediation in version 6.7.0 released on 2024-10-20. The advisory was updated on 2025-09-30 to add CVE-2025-24525, but the description for CVE-2025-24494 remains the same.
Official resources
- CVE-2025-24494 CVE record (CVE.org)
- CVE-2025-24494 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the advisory on 2025-03-04. A later advisory update on 2025-09-30 added a separate CVE, but did not change the core description for CVE-2025-24494.