CVE-2025-23416
Description
Path traversal may lead to arbitrary file deletion. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An XML External Entity (XXE) injection in Keysight Ixia Vision products allows authenticated admins to arbitrarily download files, potentially facilitating further device compromise.
Vulnerability Overview
CVE-2025-23416 is an XML External Entity (XXE) injection vulnerability (CWE-611) in Keysight's Ixia Vision Network Packet Broker firmware version 6.3.1. The flaw resides in the XML parser, which does not properly restrict external entity references, allowing an attacker with a privileged (administrator) account to arbitrarily download files from the device. The vulnerability is rated with a CVSS v3.1 base score of 4.9 (Medium) due to the requirement for high privileges and the lack of impact beyond confidentiality. [1]
Exploitation Conditions
Exploitation requires a device admin account; regular users cannot trigger this vulnerability. The attack is network-based with low complexity, meaning an authenticated admin can send a crafted XML payload to the affected endpoint. The advisory notes that when combined with a separate path traversal issue (CVE-2025-24494), the XXE could be leveraged to execute arbitrary code or upload binaries, significantly raising the overall risk. [1]
Impact and Remediation
Successful exploitation of CVE-2025-23416 alone allows an attacker to read arbitrary files from the device filesystem, exfiltrating sensitive configuration or cryptographic material. The CISA advisory emphasizes that in combination with other vulnerabilities it may facilitate further compromise of the device. Keysight released remediation in version 6.8.0 on March 1, 2025; users are strongly advised to update to this or later versions. No workarounds are documented. [1]
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.