CVE-2025-24494

High

Published: 05 March 2025

Published

05 March 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0647 91.1th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24494 is a high-severity Path Traversal (CWE-22) vulnerability in Ixiacom (inferred from references). Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 8.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly mitigates path traversal by validating file paths and inputs in upload and access functions exploited by device admins.

SI-2 Flaw Remediation good match

prevent

Ensures timely patching to version 6.7.0, remediating the specific path traversal vulnerability leading to RCE.

AC-6 Least Privilege partial match

prevent

Limits damage from exploited privileged admin accounts by enforcing least privilege on file access and execution capabilities.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1105 Ingress Tool Transfer Command And Control

Adversaries may transfer tools or other files from an external system into a compromised environment.

attack.mitre.org →

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

Why these techniques?

Path traversal in upload functionality directly enables remote exploitation of public-facing app (T1190) for RCE, facilitating tool ingress via upload (T1105) and arbitrary script/binary execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Path traversal may allow remote code execution using privileged account (requires device admin account, cannot be performed by a regular user). In combination with the 'Upload' functionality this could be used to execute an arbitrary script or possibly an uploaded…

binary. Remediation in Version 6.7.0, release date: 20-Oct-24.

Deeper analysisAI

CVE-2025-24494 is a path traversal vulnerability (CWE-22) that may allow remote code execution in Ixia software components. It requires exploitation using a privileged device admin account and cannot be performed by a regular user. The vulnerability carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-03-05.

An attacker with device admin credentials can exploit the path traversal remotely with low complexity and no user interaction. In combination with the 'Upload' functionality, this enables execution of an arbitrary script or possibly an uploaded binary, leading to high impacts on confidentiality, integrity, and availability.

Remediation is provided in Version 6.7.0, released on 20-Oct-24. Additional details are available in advisories from Ixia support sites and CISA ICS Advisory ICSA-25-063-02.