PatchSiren cyber security CVE debrief
CVE-2025-24521 Keysight CVE debrief
CVE-2025-24521 affects the Keysight Ixia Vision Product Family and was published by CISA on 2025-03-04. The advisory says an external XML entity injection issue can allow arbitrary download of files, and that in combination with other issues it may help further compromise the device. Keysight states remediation is available in version 6.8.0, released on 2025-03-01. Organizations using affected Ixia Vision software should prioritize upgrading and discontinue older versions where possible.
- Vendor: Keysight
- Product: Ixia Vision Product Family
- CVSS: MEDIUM 4.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-04
- Original CVE updated: 2025-09-30
- Advisory published: 2025-03-04
- Advisory updated: 2025-09-30
Who should care
Organizations running Keysight Ixia Vision Product Family deployments, especially teams responsible for industrial control system visibility, network monitoring, and appliance management. Security and operations teams should also care if the device is exposed to trusted internal users or other systems that can submit XML content.
Technical summary
The issue is described as external XML entity injection, which can be used to trigger arbitrary download of files. CISA’s CSAF advisory lists the affected product as Keysight Ixia Vision Product Family: 6.3.1 and notes that the vendor remediation is version 6.8.0. The advisory also indicates the flaw’s standalone scoring is limited by the least-privilege context, but that it may contribute to further compromise when combined with other weaknesses.
Defensive priority
Medium
Recommended defensive actions
- Upgrade Keysight Ixia Vision Product Family to version 6.8.0 or later as soon as feasible.
- Discontinue use of older software versions where Keysight recommends doing so.
- Review where XML input is accepted by the product and restrict access to trusted administrative paths only.
- Monitor vendor support guidance and CISA advisory updates for any follow-on information.
- If immediate upgrading is not possible, reduce exposure by limiting network access to the affected device and enforcing least-privilege administrative access.
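For the review of XML input recommended above, the following added example (not code from the advisory, CISA, or Keysight) lists DOCTYPE and entity declarations in an XML payload without resolving them, stopping at the root element so the body is never expanded. The function names, the reject-any-DTD policy, and the sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat as expat


class _RootReached(Exception):
    """Raised to stop parsing once the prolog (where DTDs live) is done."""


def find_dtd_declarations(xml_bytes):
    """List DOCTYPE/entity declarations in xml_bytes without resolving them."""
    findings = []
    parser = expat.ParserCreate()
    # Never load external DTD subsets or external parameter entities.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    # ExternalEntityRefHandler stays unset, so nothing is fetched.

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(("doctype", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "external-entity" if system_id is not None else "internal-entity"
        findings.append((kind, name, system_id))

    def on_root(name, attrs):
        raise _RootReached()  # body is never expanded or inspected

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        parser.Parse(xml_bytes, True)
    except _RootReached:
        pass
    except expat.ExpatError as exc:
        findings.append(("parse-error", str(exc), None))
    return findings


def should_reject(xml_bytes):
    """Policy assumed here: payloads for an admin path need no DTD at all."""
    return bool(find_dtd_declarations(xml_bytes))


# Constructed samples, not taken from the advisory or the product.
CLEAN = b"<settings><port>8443</port></settings>"
EXTERNAL = (b'<?xml version="1.0"?><!DOCTYPE r ['
            b'<!ENTITY x SYSTEM "file:///constructed/placeholder">]><r>&x;</r>')

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("external", EXTERNAL)):
        print(label, should_reject(doc), find_dtd_declarations(doc))
```

Malformed input is also reported as a finding, so `should_reject` fails closed on payloads the parser cannot read.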
Evidence notes
Primary evidence comes from the CISA CSAF advisory for ICSA-25-063-02 / CVE-2025-24521, which identifies the flaw as external XML entity injection and lists Keysight Ixia Vision Product Family: 6.3.1 as affected. The advisory references remediation in version 6.8.0 and includes vendor support links plus the CVE record and NVD entry as official references. Timing in this debrief follows the supplied CVE published date of 2025-03-04, not the later update date.
Official resources
- CVE-2025-24521 CVE record (CVE.org)
- CVE-2025-24521 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the advisory on 2025-03-04. The advisory revision history shows an update on 2025-09-30 that added CVE-2025-24525; that later update does not change the published date used for this CVE. Remediation was already noted as being