CVE-2025-24521

Published Mar 5, 2025

Last updated a month ago

CVSS medium 6.9

Overview

Description
External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25.
Source
ics-cert@hq.dhs.gov
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
6.9
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Secondary
Base score
4.9
Impact score
3.6
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

ics-cert@hq.dhs.gov
CWE-611

Social media

Hype score
Not currently trending

  1. ⚠️ Vulnerability Alert: Keysight Ixia Vision Product Family Vulnerabilities 📅 Timeline: Disclosure: 2025-03-04, Patch: 2025-03-01 📌 Attribution: NATO Cyber Security Centre (NCSC) 🆔cveId: CVE-2025-24494, CVE-2025-21095, CVE-2025-23416, CVE-2025-24521 📊baseScore: 7.2… https:/

    @syedaquib77

    5 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References