Critical vulnerabilities expose network security risks in Keysight’s infrastructure

Keysight Technologies’ Ixia Vision product family has been found to contain critical security vulnerabilities that could allow remote attackers to compromise affected devices.

According to a newly issued alert from the Cybersecurity and Infrastructure Security Agency (CISA), these flaws expose the devices to risks such as remote code execution, unauthorized file downloads, and system crashes, posing significant threats to enterprises using the affected hardware.

“Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution,” the CISA advisory warned, highlighting the critical nature of the security gaps.

High-risk vulnerabilities discovered

The NATO Cyber Security Centre first reported the vulnerabilities to Keysight, identifying four distinct security issues that could potentially compromise network infrastructure.

The most severe issue, a path traversal vulnerability tracked as CVE-2025-24494, has been assigned a CVSS v4 score of 8.6, indicating a high level of severity. Exploiting this flaw could allow attackers to execute arbitrary scripts or binaries using administrative privileges, potentially leading to full system compromise.

Another critical flaw, CVE-2025-24521, involves an improper restriction of XML external entity references. This vulnerability could enable attackers to remotely download unauthorized files, escalating security risks.

While its CVSS v3.1 base score is rated at 4.9, its CVSS v4 rating reaches 6.9, underscoring its potential impact when combined with other vulnerabilities, the advisory added.

Potential threats to enterprises

Successful exploitation of these vulnerabilities could have dire consequences, including system crashes, arbitrary file deletions, and unauthorized access to sensitive information. Attackers leveraging these flaws may gain control over affected devices, facilitating further attacks within an enterprise’s network.

Furthermore, multiple path traversal vulnerabilities (CVE-2025-21095 and CVE-2025-23416) identified in the affected software versions could be used to download or delete files arbitrarily, leading to data integrity issues and service disruptions.

“Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents,” the advisory emphasized.

Patch and mitigation recommendations

Keysight Technologies has acknowledged the vulnerabilities and released security patches to address them. Organizations using the affected devices are urged to upgrade to version 6.7.0 or later for CVE-2025-24494 and to version 6.8.0 for CVE-2025-24521, CVE-2025-21095, and CVE-2025-23416.

These updates, released between October 2024 and March 2025, contain essential fixes to prevent exploitation.

CISA has also issued recommendations to mitigate the risks associated with these vulnerabilities. The agency advises organizations to minimize network exposure for control system devices, ensure they are not accessible from the internet, and place them behind firewalls.

Additionally, organizations should adopt secure remote access methods such as VPNs while ensuring that VPN solutions are updated to the latest versions to mitigate potential security weaknesses, the advisory said.

Industry response and future security measures

While no public exploitation of these vulnerabilities has been reported so far, cybersecurity experts warn that threat actors may soon attempt to take advantage of unpatched systems. Given the widespread deployment of Keysight’s network packet broker devices in enterprise environments, organizations must prioritize timely updates and strengthen network defenses.

CISA has urged companies to follow best practices for industrial control system (ICS) security, emphasizing the need for defense-in-depth strategies. As organizations increasingly rely on network visibility solutions like Ixia Vision, ensuring robust security measures will be essential to mitigating cyber risks and preventing potential attacks. As cyber threats continue to evolve, timely patch management and proactive security strategies remain critical in safeguarding enterprise infrastructure from emerging vulnerabilities.