PatchSiren

Keysight CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Keysight CVE published 2025-03-04

CVE-2025-24521

CVE-2025-24521 affects the Keysight Ixia Vision Product Family and was published by CISA on 2025-03-04. The advisory says an external XML entity injection issue can allow arbitrary download of files, and that in combination with other issues it may help further compromise the device. Keysight states remediation is available in version 6.8.0, released on 2025-03-01. Organizations using affected Ixia Vision [truncated]

HIGH Keysight CVE published 2025-03-04

CVE-2025-24494

CVE-2025-24494 affects the Keysight Ixia Vision Product Family and is rated HIGH (CVSS 7.2). The advisory says the issue is a path traversal vulnerability that may enable remote code execution when an attacker already has a privileged device admin account. Keysight also notes that, combined with the product’s Upload functionality, the flaw could be used to execute an arbitrary script or possibly upload a [truncated]

MEDIUM Keysight CVE published 2025-03-04

CVE-2025-23416

CVE-2025-23416 is a path traversal flaw in the Keysight Ixia Vision Product Family that may allow arbitrary file deletion. The advisory notes that the issue was scored without the least-privilege principle violation and that, in combination with other issues, it could help further compromise the device. Keysight states remediation is available in version 6.8.0, and recommends upgrading from older releases [truncated]

MEDIUM Keysight CVE published 2025-03-04

CVE-2025-21095

CVE-2025-21095 is a Keysight Ixia Vision Product Family issue where path traversal may allow arbitrary file download. CISA’s advisory lists the affected product as Keysight Ixia Vision Product Family 6.3.1 and notes remediation in version 6.8.0. The advisory also states that, in combination with other issues, this flaw may help further compromise the device.