Home

Description

Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipped with the device. Remediation is available in Version 6.9.1, released on September 23, 2025.

PUBLISHED Reserved 2025-02-05 | Published 2025-09-30 | Updated 2025-10-01 | Assigner icscert




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-321

Product status

Default status
unaffected

6.3.1
affected

Credits

NATO Cyber Security Centre (NCSC) reported these vulnerabilities to Keysight. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-063-02

support.ixiacom.com/...iew/product-support/downloads-updates

support.ixiacom.com/

www.keysight.com/us/en/contact.html

cve.org (CVE-2025-24525)

nvd.nist.gov (CVE-2025-24525)

Download JSON