{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24521", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-02-05T15:36:40.939Z", "datePublished": "2025-03-05T15:17:23.659Z", "dateUpdated": "2025-03-06T21:57:07.875Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Ixia Vision Product Family", "vendor": "Keysight", "versions": [{"status": "affected", "version": "6.3.1"}]}], "credits": [{"lang": "en", "type": "finder", "value": "NATO Cyber Security Centre (NCSC) reported these vulnerabilities to Keysight."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "External XML entity injection allows arbitrary download of files. The \nscore without least privilege principle violation is as calculated \nbelow. In combination with other issues it may facilitate further \ncompromise of the device. Remediation in Version 6.8.0, release date: \n01-Mar-25."}], "value": "External XML entity injection allows arbitrary download of files. The \nscore without least privilege principle violation is as calculated \nbelow. In combination with other issues it may facilitate further \ncompromise of the device. Remediation in Version 6.8.0, release date: \n01-Mar-25."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-03-05T15:17:23.659Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02"}, {"url": "https://www.keysight.com/us/en/contact.html"}, {"url": "https://support.ixiacom.com/"}, {"url": "https://support.ixiacom.com/support-overview/product-support/downloads-updates"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Keysight recommends that all users <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.ixiacom.com/support-overview/product-support/downloads-updates\">upgrade to the latest version of software as soon as possible.</a> \n\nRemediation in Version 6.8.0, release date: \n01-Mar-25.\n\n\n\n Older versions of this software may have this vulnerability; Keysight \nrecommends that users discontinue the use of older software versions.\n<p>For more information about the Ixia Vision Product Family, please visit <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.ixiacom.com/\">Ixia product support</a></p>Further questions can be answered by <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.keysight.com/us/en/contact.html\">contacting Keysight.</a>\n\n<br>"}], "value": "Keysight recommends that all users upgrade to the latest version of software as soon as possible. https://support.ixiacom.com/support-overview/product-support/downloads-updates \n\nRemediation in Version 6.8.0, release date: \n01-Mar-25.\n\n\n\n Older versions of this software may have this vulnerability; Keysight \nrecommends that users discontinue the use of older software versions.\nFor more information about the Ixia Vision Product Family, please visit Ixia product support https://support.ixiacom.com/ \n\nFurther questions can be answered by contacting Keysight. https://www.keysight.com/us/en/contact.html"}], "source": {"advisory": "ICSA-25-063-02", "discovery": "EXTERNAL"}, "title": "Keysight Ixia Vision Product Family Improper Restriction of XML External Entity Reference", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-06T21:56:42.423574Z", "id": "CVE-2025-24521", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-06T21:57:07.875Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24521", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-06T21:56:42.423574Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-06T21:56:52.982Z"}}], "cna": {"title": "Keysight Ixia Vision Product Family Improper Restriction of XML External Entity Reference", "source": {"advisory": "ICSA-25-063-02", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "NATO Cyber Security Centre (NCSC) reported these vulnerabilities to Keysight."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Keysight", "product": "Ixia Vision Product Family", "versions": [{"status": "affected", "version": "6.3.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Keysight recommends that all users upgrade to the latest version of software as soon as possible. https://support.ixiacom.com/support-overview/product-support/downloads-updates \n\nRemediation in Version 6.8.0, release date: \n01-Mar-25.\n\n\n\n Older versions of this software may have this vulnerability; Keysight \nrecommends that users discontinue the use of older software versions.\nFor more information about the Ixia Vision Product Family, please visit Ixia product support https://support.ixiacom.com/ \n\nFurther questions can be answered by contacting Keysight. https://www.keysight.com/us/en/contact.html", "supportingMedia": [{"type": "text/html", "value": "Keysight recommends that all users <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.ixiacom.com/support-overview/product-support/downloads-updates\">upgrade to the latest version of software as soon as possible.</a> \n\nRemediation in Version 6.8.0, release date: \n01-Mar-25.\n\n\n\n Older versions of this software may have this vulnerability; Keysight \nrecommends that users discontinue the use of older software versions.\n<p>For more information about the Ixia Vision Product Family, please visit <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.ixiacom.com/\">Ixia product support</a></p>Further questions can be answered by <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.keysight.com/us/en/contact.html\">contacting Keysight.</a>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02"}, {"url": "https://www.keysight.com/us/en/contact.html"}, {"url": "https://support.ixiacom.com/"}, {"url": "https://support.ixiacom.com/support-overview/product-support/downloads-updates"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "External XML entity injection allows arbitrary download of files. The \nscore without least privilege principle violation is as calculated \nbelow. In combination with other issues it may facilitate further \ncompromise of the device. Remediation in Version 6.8.0, release date: \n01-Mar-25.", "supportingMedia": [{"type": "text/html", "value": "External XML entity injection allows arbitrary download of files. The \nscore without least privilege principle violation is as calculated \nbelow. In combination with other issues it may facilitate further \ncompromise of the device. Remediation in Version 6.8.0, release date: \n01-Mar-25.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-03-05T15:17:23.659Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24521", "state": "PUBLISHED", "dateUpdated": "2025-03-06T21:57:07.875Z", "dateReserved": "2025-02-05T15:36:40.939Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2025-03-05T15:17:23.659Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "External XML entity injection allows arbitrary download of files. The \nscore without least privilege principle violation is as calculated \nbelow. In combination with other issues it may facilitate further \ncompromise of the device. Remediation in Version 6.8.0, release date: \n01-Mar-25."}], "id": "CVE-2025-24521", "lastModified": "2025-03-05T16:15:39.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2025-03-05T16:15:39.093", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://support.ixiacom.com/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://support.ixiacom.com/support-overview/product-support/downloads-updates"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.keysight.com/us/en/contact.html"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}