CVE-2025-23172: 
Versa Director vulnerability analysis and mitigation

CVE-2025-23172 affects the Versa Director SD-WAN orchestration platform's Webhook feature, which is designed for sending notifications to external HTTP endpoints. The vulnerability was disclosed in June 2025 and received a CVSS v3.1 score of 7.2 (High). The flaw impacts multiple versions of Versa Director, including versions prior to 22.1.4 (pre-February 8, 2025) and versions 22.1.3, 22.1.2, and 21.2.3 (pre-June 10, 2025) (NVD, Security Online).

The vulnerability exists in the Add Webhook and Test Webhook functionalities, which can be exploited by an authenticated user to send crafted HTTP requests to localhost. The flaw allows command execution on behalf of the versa user, who possesses sudo privileges. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.2 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high potential impact on confidentiality, integrity, and availability (NVD).

If successfully exploited, the vulnerability can lead to privilege escalation and remote code execution on the affected system. The attacker can potentially execute commands with sudo privileges, effectively gaining full control over the device (GBHackers).

There are no workarounds available to disable the vulnerable GUI options. Versa Networks recommends upgrading to one of the remediated software versions: 22.1.4 (released February 8, 2025) or versions 22.1.3, 22.1.2, and 21.2.3 (released June 10, 2025) (NVD).

The vulnerability has attracted attention from major cybersecurity authorities, with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urging organizations to apply patches and monitor for signs of compromise. The CISA Rapid Action Force has been credited with discovering and reporting the flaws (GBHackers).