CVE-2025-23173: 
Versa Director vulnerability analysis and mitigation

The Versa Director SD-WAN orchestration platform contains a critical security vulnerability (CVE-2025-23173) discovered in June 2025. The platform provides direct web-based access to uCPE virtual machines through the Director GUI, with the websockify service exposed on port 6080 and accessible from the internet by default (NVD, Wiz).

The vulnerability stems from the exposure of the websockify service on port 6080, which is accessible from the internet by default. The service has known weaknesses that can be exploited. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 HIGH with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

If exploited, this vulnerability could potentially lead to remote code execution on affected systems. While Versa Networks has not reported any instances of this vulnerability being exploited in the wild, proof of concept has been disclosed by third-party security researchers (NVD, Wiz).

Versa Networks recommends two primary mitigation strategies: 1) Restrict access to TCP port 6080 if uCPE console access is not necessary, and 2) Upgrade Director to one of the remediated software versions. Several patched versions have been released to address this vulnerability (NVD, Wiz).