Medium severity4.9NVD Advisory· Published Mar 5, 2025· Updated Apr 15, 2026

CVE-2025-24521

Description

External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.ixiacom.comnvd
support.ixiacom.com/support-overview/product-support/downloads-updatesnvd
www.cisa.gov/news-events/ics-advisories/icsa-25-063-02nvd
www.keysight.com/us/en/contact.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.319
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000