Argument Injection Vulnerability in Versa Director SD-WAN Orchestration Platform
CVE-2025-24291

Currently unrated

Key Information:

Vendor: Versa Networks
Status: Versa Director SD-WAN
Vendor: CVE Published:; 19 June 2025

🔔 Create Versa Networks Vulnerability Alert

What is CVE-2025-24291?

The Versa Director SD-WAN orchestration platform has a vulnerability in its file upload functionality due to improper handling of arguments in uploaded filenames. This flaw allows attackers to bypass MIME type validation, enabling them to upload arbitrary file types, potentially facilitating the placement of malicious files on disk. Although no exploitation has been reported, the existence of a proof of concept from security researchers highlights the importance of addressing this issue. Users are advised to upgrade to the remediated software versions as there are no available workarounds to disable the affected GUI options.

References

https://security-portal.versa-networks.com/emailbulletins...

https://support.versa-networks.com/support/solutions/arti...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2025