CVE-2025-24525 HIGH

CVE-2025-24525: Keysight Ixia Vision Product Family Use of Hard-coded Cryptographic Key

Vendor Keysight
Product Ixia Vision Product Family
Weakness CWE-321
Published September 30, 2025
Last update October 1, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipped with the device. Remediation is available in Version 6.9.1, released on September 23, 2025.

Key dates

02Disclosure timeline

September 30, 2025 CVE published
October 1, 2025 Record updated