Cyber Resilience

CVE-2025-24494

High

Published: 05 March 2025

Published
05 March 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0647 91.3th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24494 is a high-severity Path Traversal (CWE-22) vulnerability in Ixiacom (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 8.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-24494 is a path traversal vulnerability tracked as CWE-22 that affects a software component whose remediation was issued in version 6.7.0. The flaw permits remote code execution when an attacker leverages the product's upload functionality to place and run an arbitrary script or binary.

Exploitation requires a privileged device administrator account and cannot be performed by regular users. With that access an attacker can combine the path traversal with upload operations to achieve full control over confidentiality, integrity, and availability on the affected system.

Vendor support pages for Ixia and Keysight together with CISA advisory ICSA-25-063-02 state that the issue is resolved in the 6.7.0 release dated 20 October 2024. The reported CVSS 4.0 score of 8.6 reflects a network vector, low attack complexity, and high-privilege requirement.

EPSS remains flat at 0.0647 with no material rise after disclosure.

EU & UK References

Vulnerability details

Path traversal may allow remote code execution using privileged account (requires device admin account, cannot be performed by a regular user). In combination with the 'Upload' functionality this could be used to execute an arbitrary script or possibly an uploaded…

more

binary. Remediation in Version 6.7.0, release date: 20-Oct-24.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Path traversal in upload functionality directly enables remote exploitation of public-facing app (T1190) for RCE, facilitating tool ingress via upload (T1105) and arbitrary script/binary execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-12062Shared CWE-22
CVE-2026-41180Shared CWE-22
CVE-2025-69770Shared CWE-22
CVE-2026-7398Shared CWE-22
CVE-2026-39308Shared CWE-22
CVE-2025-8815Shared CWE-22
CVE-2026-21878Shared CWE-22
CVE-2024-55597Shared CWE-22
CVE-2026-27969Shared CWE-22
CVE-2026-6957Shared CWE-22

Affected Assets

Ixiacom
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates path traversal by validating file paths and inputs in upload and access functions exploited by device admins.

prevent

Ensures timely patching to version 6.7.0, remediating the specific path traversal vulnerability leading to RCE.

prevent

Limits damage from exploited privileged admin accounts by enforcing least privilege on file access and execution capabilities.

References