CVE-2025-23171: 
Versa Director vulnerability analysis and mitigation

CVE-2025-23171 is a high-severity vulnerability (CVSS 7.2) affecting the Versa Director SD-WAN orchestration platform, discovered and disclosed in June 2025. The vulnerability exists in the platform's UCPE image upload feature, where the system fails to properly restrict file upload permissions. While the user interface appears to block file uploads, the backend validation is insufficient, allowing uploads to succeed. Additionally, the platform discloses the full filename of uploaded temporary files, including the UUID prefix (Wiz, Security Online).

The vulnerability has been assigned a CVSS v3.1 score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The flaw stems from insufficient permission checks in the file upload functionality of Versa Director, specifically affecting the platform's ability to properly validate and restrict file uploads. The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) (NVD, Wiz).

If successfully exploited, this vulnerability allows an authenticated attacker to upload malicious files, including webshells, potentially leading to remote code execution on the affected system. The successful exploitation could result in complete compromise of the system's confidentiality, integrity, and availability (Wiz, Security Online).

There are no effective workarounds to disable the vulnerable GUI options. Versa Networks recommends upgrading to remediated software versions: 22.1.4 (released February 8, 2025) or later, or versions 22.1.3, 22.1.2, and 21.2.3 released after June 10, 2025 (Wiz, Security Online).

The vulnerability has garnered significant attention from major cybersecurity authorities, with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urging organizations to apply patches and monitor for signs of compromise. The CISA Rapid Action Force has been credited with discovering and reporting the flaws (GBHackers).