Cross-Site Scripting Flaw in Versa Director SD-WAN Orchestration Platform
CVE-2025-23169

6.1 MEDIUM

Key Information:

Vendor: Versa

Status
Vendor
CVE Published: 19 June 2025

What is CVE-2025-23169?

The Versa Director SD-WAN orchestration platform allows customization of the user interface, including elements such as the header and logo. The input fields for these customizations are not properly validated or sanitized, which enables attackers to inject and store cross-site scripting (XSS) payloads that could compromise the integrity of the application. No cases of exploitation have been reported so far, but security researchers have disclosed a proof of concept demonstrating the vulnerability's potential impact. Versa Networks recommends upgrading to the latest secure versions to mitigate the risks associated with this vulnerability.

Affected Version(s)

Director 21.2.2

Director 21.2.3

Director 22.1.1

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published