{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24525", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-02-05T15:36:40.948Z", "datePublished": "2025-09-30T23:04:14.688Z", "dateUpdated": "2025-10-01T15:02:51.427Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Ixia Vision Product Family", "vendor": "Keysight", "versions": [{"status": "affected", "version": "6.3.1"}]}], "credits": [{"lang": "en", "type": "finder", "value": "NATO Cyber Security Centre (NCSC) reported these vulnerabilities to Keysight."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Keysight Ixia Vision has an issue with hardcoded cryptographic material \nwhich may allow an attacker to intercept or decrypt payloads sent to the\n device via API calls or user authentication if the end user does not \nreplace the TLS certificate that shipped with the device. Remediation is\n available in Version 6.9.1, released on September 23, 2025."}], "value": "Keysight Ixia Vision has an issue with hardcoded cryptographic material \nwhich may allow an attacker to intercept or decrypt payloads sent to the\n device via API calls or user authentication if the end user does not \nreplace the TLS certificate that shipped with the device. Remediation is\n available in Version 6.9.1, released on September 23, 2025."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-321", "description": "CWE-321", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-09-30T23:04:14.688Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02"}, {"url": "https://support.ixiacom.com/support-overview/product-support/downloads-updates"}, {"url": "https://support.ixiacom.com/"}, {"url": "https://www.keysight.com/us/en/contact.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Keysight recommends that all users <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.ixiacom.com/support-overview/product-support/downloads-updates\">upgrade to the latest version of software as soon as possible.</a><p>\n Older versions of this software may have these vulnerabilities; \nKeysight recommends that users discontinue the use of older software \nversions.</p>\n<p>For more information about the Ixia Vision Product Family, visit <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.ixiacom.com/\">Ixia product support</a></p>Further questions can be answered by <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.keysight.com/us/en/contact.html\">contacting Keysight.</a>\n\n<br>"}], "value": "Keysight recommends that all users upgrade to the latest version of software as soon as possible. https://support.ixiacom.com/support-overview/product-support/downloads-updates \n Older versions of this software may have these vulnerabilities; \nKeysight recommends that users discontinue the use of older software \nversions.\n\n\nFor more information about the Ixia Vision Product Family, visit Ixia product support https://support.ixiacom.com/ \n\nFurther questions can be answered by contacting Keysight. https://www.keysight.com/us/en/contact.html"}], "source": {"advisory": "ICSA-25-063-02", "discovery": "EXTERNAL"}, "title": "Keysight Ixia Vision Product Family Use of Hard-coded Cryptographic Key", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-321", "lang": "en", "description": "CWE-321 Use of Hard-coded Cryptographic Key"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-01T15:02:09.266974Z", "id": "CVE-2025-24525", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T15:02:51.427Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24525", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-01T15:02:09.266974Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-321", "description": "CWE-321 Use of Hard-coded Cryptographic Key"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-01T15:02:32.112Z"}}], "cna": {"title": "Keysight Ixia Vision Product Family Use of Hard-coded Cryptographic Key", "source": {"advisory": "ICSA-25-063-02", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "NATO Cyber Security Centre (NCSC) reported these vulnerabilities to Keysight."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Keysight", "product": "Ixia Vision Product Family", "versions": [{"status": "affected", "version": "6.3.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Keysight recommends that all users upgrade to the latest version of software as soon as possible. https://support.ixiacom.com/support-overview/product-support/downloads-updates \n Older versions of this software may have these vulnerabilities; \nKeysight recommends that users discontinue the use of older software \nversions.\n\n\nFor more information about the Ixia Vision Product Family, visit Ixia product support https://support.ixiacom.com/ \n\nFurther questions can be answered by contacting Keysight. https://www.keysight.com/us/en/contact.html", "supportingMedia": [{"type": "text/html", "value": "Keysight recommends that all users <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.ixiacom.com/support-overview/product-support/downloads-updates\">upgrade to the latest version of software as soon as possible.</a><p>\n Older versions of this software may have these vulnerabilities; \nKeysight recommends that users discontinue the use of older software \nversions.</p>\n<p>For more information about the Ixia Vision Product Family, visit <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.ixiacom.com/\">Ixia product support</a></p>Further questions can be answered by <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.keysight.com/us/en/contact.html\">contacting Keysight.</a>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02"}, {"url": "https://support.ixiacom.com/support-overview/product-support/downloads-updates"}, {"url": "https://support.ixiacom.com/"}, {"url": "https://www.keysight.com/us/en/contact.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Keysight Ixia Vision has an issue with hardcoded cryptographic material \nwhich may allow an attacker to intercept or decrypt payloads sent to the\n device via API calls or user authentication if the end user does not \nreplace the TLS certificate that shipped with the device. Remediation is\n available in Version 6.9.1, released on September 23, 2025.", "supportingMedia": [{"type": "text/html", "value": "Keysight Ixia Vision has an issue with hardcoded cryptographic material \nwhich may allow an attacker to intercept or decrypt payloads sent to the\n device via API calls or user authentication if the end user does not \nreplace the TLS certificate that shipped with the device. Remediation is\n available in Version 6.9.1, released on September 23, 2025.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-321", "description": "CWE-321"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-09-30T23:04:14.688Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24525", "state": "PUBLISHED", "dateUpdated": "2025-10-01T15:02:51.427Z", "dateReserved": "2025-02-05T15:36:40.948Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2025-09-30T23:04:14.688Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Keysight Ixia Vision has an issue with hardcoded cryptographic material \nwhich may allow an attacker to intercept or decrypt payloads sent to the\n device via API calls or user authentication if the end user does not \nreplace the TLS certificate that shipped with the device. Remediation is\n available in Version 6.9.1, released on September 23, 2025."}], "id": "CVE-2025-24525", "lastModified": "2025-10-02T19:12:17.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2025-09-30T23:15:27.970", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://support.ixiacom.com/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://support.ixiacom.com/support-overview/product-support/downloads-updates"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.keysight.com/us/en/contact.html"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-321"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-321"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}