Keysight Ixia Vision has an issue with hardcoded cryptographic material
which may allow an attacker to intercept or decrypt payloads sent to the
device via API calls or user authentication if the end user does not
replace the TLS certificate that shipped with the device. Remediation is
available in Version 6.9.1, released on September 23, 2025.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-31806 Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipped with the device. Remediation is available in Version 6.9.1, released on September 23, 2025.
Fixes

Solution

Keysight recommends that all users upgrade to the latest version of software as soon as possible. https://support.ixiacom.com/support-overview/product-support/downloads-updates Older versions of this software may have these vulnerabilities; Keysight recommends that users discontinue the use of older software versions. For more information about the Ixia Vision Product Family, visit Ixia product support https://support.ixiacom.com/ Further questions can be answered by contacting Keysight. https://www.keysight.com/us/en/contact.html


Workaround

No workaround given by the vendor.

History

Thu, 02 Oct 2025 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Keysight
Keysight ixia Vision
Vendors & Products Keysight
Keysight ixia Vision

Wed, 01 Oct 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 30 Sep 2025 23:15:00 +0000

Type Values Removed Values Added
Description Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipped with the device. Remediation is available in Version 6.9.1, released on September 23, 2025.
Title Keysight Ixia Vision Product Family Use of Hard-coded Cryptographic Key
Weaknesses CWE-321
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-10-01T15:02:51.427Z

Reserved: 2025-02-05T15:36:40.948Z

Link: CVE-2025-24525

cve-icon Vulnrichment

Updated: 2025-10-01T15:02:32.112Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-30T23:15:27.970

Modified: 2025-10-02T19:12:17.160

Link: CVE-2025-24525

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-10-02T08:46:05Z