Command Injection Vulnerability in Versa Director SD-WAN Orchestration Platform
CVE-2025-23170

Currently unrated

Key Information:

Vendor: Versa Networks
Status: Versa Director
Vendor: CVE Published:; 19 June 2025

🔔 Create Versa Networks Vulnerability Alert

What is CVE-2025-23170?

The Versa Director SD-WAN orchestration platform is susceptible to command injection vulnerabilities due to the insecure handling of user input in the shell-connect.py script. Through this vulnerability, an attacker could potentially execute arbitrary commands on the affected system, compromising its integrity and security. While there have been no confirmed exploits reported, security researchers have disclosed proof-of-concept code that highlights the risk. Versa Networks advises users to upgrade to the latest versions to mitigate this vulnerability, as no workarounds exist to disable the affected GUI options.

References

https://security-portal.versa-networks.com/emailbulletins...

https://support.versa-networks.com/support/solutions/arti...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2025