Cross-Site Scripting Flaw in Versa Director SD-WAN Orchestration Platform
CVE-2025-23169

6.1MEDIUM

Key Information:

Vendor: Versa
Status: Director
Vendor: CVE Published:; 19 June 2025

What is CVE-2025-23169?

The Versa Director SD-WAN orchestration platform allows for user interface customization, including elements like the header and logo. However, the input fields for these customizations lack proper validation and sanitization. This oversight creates a potential vector for malfeasance, enabling attackers to inject and store cross-site scripting (XSS) payloads that could compromise the integrity of the application. Currently, there have been no reported cases of exploitation, but security researchers have disclosed a proof of concept demonstrating the vulnerability's potential impact. Versa Networks recommends upgrading to the latest secure versions to mitigate any risks associated with this vulnerability.

Affected Version(s)

Director 21.2.2

Director 21.2.3

Director 22.1.1

References

https://security-portal.versa-networks.com/emailbulletins...

https://support.versa-networks.com/support/solutions/arti...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2025

JSON