Cross-Site Scripting Flaw in Versa Director SD-WAN Orchestration Platform
CVE-2025-23169
Currently unrated
What is CVE-2025-23169?
The Versa Director SD-WAN orchestration platform allows user interface customization, including elements such as the header and logo. The input fields for these customizations lack proper validation and sanitization. As a result, attackers can inject and store cross-site scripting (XSS) payloads that could compromise the integrity of the application. There have been no reported cases of exploitation, but security researchers have disclosed a proof of concept demonstrating the vulnerability's potential impact. Versa Networks recommends upgrading to the latest secure versions to mitigate the risks associated with this vulnerability.
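For teams that expose similar branding settings in their own applications, the following added example (not Versa Director code and not part of the original advisory) shows the two controls the description says were missing: validation when a customization is saved and HTML encoding when it is rendered. The field names `headerText` and `logoUrl`, the length limit and the character allowlist are assumptions.

```javascript
// Added example: hypothetical branding-settings handler, not Versa Director code.
// Field names, the 64-character limit and the allowlist are assumptions.
const HEADER_MAX = 64;
const HEADER_RE = /^[\p{L}\p{N} .,_&'()-]+$/u; // letters, digits, light punctuation

const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change HTML text or attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Validate on write, so markup is rejected before it is ever stored.
function validateBranding(input) {
  const errors = [];
  const headerText = typeof input.headerText === "string" ? input.headerText.trim() : "";
  if (!headerText || headerText.length > HEADER_MAX || !HEADER_RE.test(headerText)) {
    errors.push("headerText");
  }
  let logoUrl = null;
  try {
    const u = new URL(input.logoUrl);
    // https only, raster formats only: SVG files can carry script.
    if (u.protocol === "https:" && /\.(png|jpe?g|gif)$/i.test(u.pathname)) logoUrl = u.href;
  } catch (_) {
    // Unparseable or missing URL: leave logoUrl as null so it is rejected below.
  }
  if (!logoUrl) errors.push("logoUrl");
  return errors.length ? { ok: false, errors } : { ok: true, value: { headerText, logoUrl } };
}

// Encode on read, so a value stored before validation existed still renders inert.
function renderHeader(b) {
  return `<header><img src="${escapeHtml(b.logoUrl)}" alt="logo">` +
         `<h1>${escapeHtml(b.headerText)}</h1></header>`;
}

// Unhardened counterpart for comparison: stored values placed into markup as-is.
function renderHeaderUnsafe(b) {
  return `<header><img src="${b.logoUrl}" alt="logo"><h1>${b.headerText}</h1></header>`;
}
```

Validation and encoding are applied together because either one alone leaves a gap: validation does not cover values already in storage, and encoding alone still lets unwanted markup be saved.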