{"uuid": "9d243668-d0fa-499f-b982-583c0e3300da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24521", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6547", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24521\n\ud83d\udd25 CVSS Score: 4.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: External XML entity injection allows arbitrary download of files. The \nscore without least privilege principle violation is as calculated \nbelow. In combination with other issues it may facilitate further \ncompromise of the device. Remediation in Version 6.8.0, release date: \n01-Mar-25.\n\ud83d\udccf Published: 2025-03-05T15:17:23.659Z\n\ud83d\udccf Modified: 2025-03-05T15:17:23.659Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02\n2. https://www.keysight.com/us/en/contact.html\n3. https://support.ixiacom.com/\n4. https://support.ixiacom.com/support-overview/product-support/downloads-updates", "creation_timestamp": "2025-03-05T15:32:51.000000Z"}