Keysight Ixia Vision Product Family Use of Hard-coded Cryptographic Key

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

Keysight Ixia Vision has an issue with hardcoded cryptographic material
which may allow an attacker to intercept or decrypt payloads sent to the
device via API calls or user authentication if the end user does not
replace the TLS certificate that shipped with the device. Remediation is
available in Version 6.9.1, released on September 23, 2025.

Basic Information

ID CVE-2025-24525

Source icscert

Published Sep 30, 2025 at 23:04

Affected Product

Vendor Keysight

Product Ixia Vision Product Family

Version 6.3.1

Affected Versions Keysight Ixia Vision Product Family 6.3.1

CWE Classification

CWE-321

References

{
    "lastseen": "",
    "description": "Keysight Ixia Vision has an issue with hardcoded cryptographic material \nwhich may allow an attacker to intercept or decrypt payloads sent to the\n device via API calls or user authentication if the end user does not \nreplace the TLS certificate that shipped with the device. Remediation is\n available in Version 6.9.1, released on September 23, 2025.",
    "published": "2025-09-30T23:04:14.688Z",
    "modified": "2025-09-30T23:04:14.688Z",
    "type": "cve",
    "title": "Keysight Ixia Vision Product Family Use of Hard-coded Cryptographic Key",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02\nhttps://support.ixiacom.com/support-overview/product-support/downloads-updates\nhttps://support.ixiacom.com/\nhttps://www.keysight.com/us/en/contact.html",
    "id": "CVE-2025-24525",
    "bulletinFamily": "",
    "cwe": [
        "CWE-321"
    ],
    "cvelist": null,
    "sourceData": "Keysight Ixia Vision Product Family 6.3.1",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Ixia Vision Product Family",
    "version": "6.3.1",
    "vendor": "Keysight",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Keysight Ixia Vision Product Family Use of Hard-coded Cryptographic Key_CVE-2025-24525