File Upload Vulnerability in Versa Director by Versa Networks
CVE-2025-23171
Currently unrated
What is CVE-2025-23171?
The Versa Director SD-WAN orchestration platform allows users to upload various file types. However, it fails to adequately restrict file upload permissions. While the interface may suggest that file uploads are not permitted, authenticated users can still upload files successfully. This flaw also leads to the disclosure of full filenames of temporary files, including sensitive UUID prefixes, potentially enabling an attacker to upload malicious webshells. Currently, there are no known exploits of this vulnerability, but for security purposes, it is highly recommended that users upgrade to the latest software versions provided by Versa Networks to mitigate this risk.