
Two newly disclosed vulnerabilities in the Versa Director SD-WAN orchestration platform could allow authenticated attackers to execute remote code or escalate privileges by exploiting insecure file upload and webhook functionalities. Both vulnerabilities carry a CVSS score of 7.2, and though no real-world exploitation has been reported, proof-of-concept (PoC) code has already been made public by security researchers—raising the risk of opportunistic attacks.
CVE-2025-23171 — Insecure File Upload Enables Webshell Execution
Versa Director allows users to upload various files, such as uCPE images, for SD-WAN operations. However, a flaw in the platform’s permission checks allows file uploads to succeed even when the UI seems to block them.
“The UI appears not to allow file uploads, but uploads still succeed,” the report confirms.
Even more critically, the platform discloses the full filename and UUID prefix of uploaded temporary files, potentially giving attackers a precise path to target. An authenticated attacker could leverage this flaw to upload a malicious webshell, turning the platform into a foothold for broader compromise.
CVE-2025-23172 — Webhook Abuse Leads to Command Execution as Sudo-Privileged User
The second vulnerability lies in Versa Director’s Webhook feature, which is intended for sending alerts to external endpoints. Unfortunately, the Add Webhook and Test Webhook functions can be abused to craft custom HTTP requests directed at localhost, which is not protected against internal abuse.
“This can be leveraged to execute commands on behalf of the versa user, who has sudo privileges,” Versa warns.
With this flaw, authenticated users can potentially run system commands, escalate privileges, and take over the device via remote code execution (RCE).
Affected Versions and Fixes
Both vulnerabilities affect a wide range of Versa Director versions. Patches were released on the following dates:
| Version | Fixed On/After |
|---|---|
| 22.1.4 | February 8, 2025 |
| 22.1.3 | June 10, 2025 |
| 22.1.2 | June 10, 2025 |
| 21.2.3 | June 10, 2025 |
| Earlier builds | Not patched — must upgrade |
“Versa Networks is not aware of any reported instances where this vulnerability was exploited,” the company stated, though PoC code is available in the wild.