Network Visibility Vulnerability

March 3, 2025 (Updated April 9, 2025)

Overview 

Keysight recently became aware of one high and several medium severity vulnerabilities impacting the Vision Network Packet Broker product family. No other products are impacted by these issues.¹

CVE-2025-24494 may allow an authenticated user to remotely execute arbitrary code. The issue was resolved in software version 6.7.0, which was released 20-Oct-24.

CVE-2025-24521 is a path traversal vulnerability that may allow an authenticated user to read arbitrary files. The issue was resolved in software version 6.8.0, which was released on 17-Mar-25.

CVE-2025-21095 is a path traversal vulnerability that may allow an authenticated user to download arbitrary files. The issue was resolved in software version 6.8.0, which was released on 17-Mar-25.

CVE-2025-23416 is a path traversal vulnerability that may allow an authenticated user to delete arbitrary files. The issue was resolved in software version 6.8.0, which was released on 17-Mar-25.

Keysight would like to thank NATO Cyber Security Centre (NCSC) for reporting these vulnerabilities.

Impacted Products

Ixia Vision Network Packet Broker Product Family

Recommended Action

Keysight recommends that all customers upgrade to the latest version of software as soon as possible. Older versions of this software may have this vulnerability; we recommend that customers discontinue the use of older software versions.

For customers who must continue to run 6.6.1-based releases (AppStack and any IFC clusters with AppStack and/or 7300s), the v6.6.1.12 which addresses all the CVEs listed was released on 24-Mar-25.

For more information, please contact Keysight.

¹ Keysight used commercially reasonable efforts to compile the list of products affected by this vulnerability. Keysight offers this information for your convenience and does not warrant it is complete.