Vulnerability DatabaseCVE-2025-23169

CVE-2025-23169:
Versa Director vulnerability analysis and mitigation

Overview

The Versa Director SD-WAN orchestration platform (CVE-2025-23169) contains a stored cross-site scripting (XSS) vulnerability in its user interface customization features. The vulnerability affects the header, footer, and logo customization functionality where input validation and sanitization are inadequate (NVD). The issue was discovered and disclosed in June 2025.

Technical details

The vulnerability stems from improper validation and sanitization of user input in the UI customization features of Versa Director SD-WAN. It has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N, indicating that while network-accessible, it requires high privileges and user interaction to exploit (NVD).

Impact

If successfully exploited, the vulnerability could allow an attacker to inject and store malicious cross-site scripting payloads in the user interface elements. This could lead to potential compromise of confidential information and integrity of the affected system (NVD).

Mitigation and workarounds

There are no workarounds available to disable the GUI option. Versa Networks recommends upgrading Director to one of the remediated software versions available in releases 21.2.3, 22.1.2, 22.1.3, or 22.1.4 (NVD).