File Upload Vulnerability in Versa Director by Versa Networks
CVE-2025-23171

7.2 HIGH

Key Information:

Vendor: Versa

Status
Vendor
CVE Published: 19 June 2025

What is CVE-2025-23171?

The Versa Director SD-WAN orchestration platform allows users to upload various file types, but it fails to adequately restrict file upload permissions. Even where the interface suggests that file uploads are not permitted, authenticated users can still upload files successfully. The flaw also discloses the full filenames of temporary files, including sensitive UUID prefixes, potentially enabling an attacker to upload malicious webshells.

There are currently no known exploits of this vulnerability. Users are strongly advised to upgrade to the latest software versions provided by Versa Networks to mitigate this risk.

Affected Version(s)

Director 21.2.2

Director 21.2.3

Director 22.1.1

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
