Keysight Ixia Vision has an issue with hardcoded cryptographic material
which may allow an attacker to intercept or decrypt payloads sent to the
device via API calls or user authentication if the end user does not
replace the TLS certificate that shipped with the device. Remediation is
available in Version 6.9.1, released on September 23, 2025.
Fixes

Solution

Keysight recommends that all users upgrade to the latest version of software as soon as possible. https://support.ixiacom.com/support-overview/product-support/downloads-updates Older versions of this software may have these vulnerabilities; Keysight recommends that users discontinue the use of older software versions. For more information about the Ixia Vision Product Family, visit Ixia product support https://support.ixiacom.com/ Further questions can be answered by contacting Keysight. https://www.keysight.com/us/en/contact.html


Workaround

No workaround given by the vendor.

History

Tue, 30 Sep 2025 23:15:00 +0000

Type Values Removed Values Added
Description Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipped with the device. Remediation is available in Version 6.9.1, released on September 23, 2025.
Title Keysight Ixia Vision Product Family Use of Hard-coded Cryptographic Key
Weaknesses CWE-321
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-09-30T23:04:14.688Z

Reserved: 2025-02-05T15:36:40.948Z

Link: CVE-2025-24525

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-09-30T23:15:27.970

Modified: 2025-09-30T23:15:27.970

Link: CVE-2025-24525

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.