CVE-2025-23173: Vulnerability in Versa Director

Severity: High
Published: Wed Jun 18 2025 (06/18/2025, 23:30:50 UTC)
Source: CVE Database V5
Vendor/Project: Versa
Product: Director

Description

The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as websockify has known weaknesses that can be exploited, potentially leading to remote code execution. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.

Workarounds or Mitigation: Restrict access to TCP port 6080 if uCPE console access is not necessary. Versa recommends that Director be upgraded to one of the remediated software versions.

AI-Powered Analysis

Last updated: 06/19/2025, 00:02:14 UTC

Technical Analysis

CVE-2025-23173 is a high-severity vulnerability affecting the Versa Director SD-WAN orchestration platform, specifically versions 21.2.2 through 22.1.4. Versa Director provides web-based management and orchestration of uCPE (universal Customer Premises Equipment) virtual machines, exposing direct access to these VMs through its GUI. The vulnerability arises because the websockify service, which facilitates web-based console access to the uCPE VMs, is exposed by default on TCP port 6080 and accessible from the internet. Websockify has known security weaknesses that can be exploited remotely without authentication or user interaction, potentially allowing an attacker to execute arbitrary code on the affected system. This could lead to compromise of the orchestration platform and possibly the underlying network infrastructure managed by Versa Director. Although no exploitation in the wild has been reported to date, proof-of-concept exploits have been publicly disclosed by third-party researchers, indicating the vulnerability is exploitable. The CVSS v3.1 base score is 7.5, reflecting a high severity due to the vulnerability's network attack vector, low attack complexity, no privileges or user interaction required, and impact on integrity (remote code execution). The vulnerability does not impact confidentiality or availability directly but can lead to significant integrity breaches. Versa Networks recommends upgrading to remediated software versions and restricting access to TCP port 6080 if uCPE console access is not necessary to mitigate risk. The exposure of websockify to the internet is the core issue, and network-level controls are critical to reducing attack surface.

Potential Impact

For European organizations, the impact of CVE-2025-23173 can be substantial, especially for enterprises and service providers relying on Versa Director for SD-WAN orchestration and management. Successful exploitation could allow attackers to execute arbitrary code on the orchestration platform, potentially leading to unauthorized changes in network configurations, disruption of SD-WAN services, or pivoting to other internal systems. This could compromise network integrity, degrade service reliability, and expose sensitive operational data. Given the critical role of SD-WAN in ensuring secure and efficient connectivity across distributed sites, exploitation could disrupt business continuity and impact sectors such as finance, telecommunications, manufacturing, and critical infrastructure. The fact that the vulnerability requires no authentication and no user interaction increases the risk of automated or opportunistic attacks. European organizations with internet-exposed Versa Director instances are particularly at risk, and the potential for lateral movement within networks raises concerns for broader enterprise security. While no active exploitation has been reported, the public availability of proof-of-concept code heightens the urgency for mitigation.

Mitigation Recommendations

1. Immediate network-level mitigation: Implement strict firewall rules or access control lists (ACLs) to block inbound traffic to TCP port 6080 on Versa Director instances unless console access is explicitly required. Restrict access to trusted IP addresses or VPNs only.
2. Software upgrade: Expedite upgrading Versa Director to the latest remediated versions beyond 22.1.4 as recommended by Versa Networks to eliminate the vulnerability.
3. Network segmentation: Isolate Versa Director management interfaces from general internet exposure by placing them behind secure management VLANs or jump hosts with multi-factor authentication.
4. Monitoring and detection: Deploy network intrusion detection/prevention systems (IDS/IPS) to monitor for anomalous traffic patterns targeting port 6080 and unusual websockify activity.
5. Incident response readiness: Prepare incident response plans specific to SD-WAN orchestration compromise scenarios, including forensic capabilities to analyze potential exploitation.
6. Vendor coordination: Maintain communication with Versa Networks for updates, patches, and advisories.
7. Configuration review: Audit Versa Director configurations to ensure no unnecessary services are exposed externally and disable websockify access if not needed.

These steps go beyond generic advice by focusing on network access controls, segmentation, and operational readiness tailored to the specific nature of the vulnerability and product.
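An added example for the configuration review in step 7 (not code from Versa or from this page's source): it parses `ss -H -tln` output from a Director host, assumed here to be Linux, and labels every listener on TCP 6080 by its bind address. The sample output and the `10.20.0.0/24` management range are constructed for illustration.

```python
import ipaddress

WEBSOCKIFY_PORT = 6080  # port named in the advisory

# Constructed sample of `ss -H -tln` output, not captured from a real Director.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 0.0.0.0:6080 0.0.0.0:*
LISTEN 0 100 127.0.0.1:6080 0.0.0.0:*
LISTEN 0 100 [::]:6080 [::]:*
LISTEN 0 100 10.20.0.5:6080 0.0.0.0:*
LISTEN 0 128 *:443 *:*
"""

def split_local(field):
    """Split an ss 'Local Address:Port' field into (address, port)."""
    addr, _, port = field.rpartition(":")
    # Drop IPv6 brackets and any %interface scope suffix.
    return addr.strip("[]").split("%")[0], int(port)

def classify(addr, mgmt_nets):
    """Label a bind address by how widely it exposes the listener."""
    if addr in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in mgmt_nets):
        return "management"
    return "other-interface"

def audit(ss_output, mgmt_cidrs=("10.20.0.0/24",), port=WEBSOCKIFY_PORT):
    """Return [(bind_address, label)] for every listener on `port`."""
    nets = [ipaddress.ip_network(c) for c in mgmt_cidrs]  # assumed mgmt range
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, lport = split_local(cols[3])
        if lport == port:
            findings.append((addr, classify(addr, nets)))
    return findings

def needs_restriction(findings):
    """Listeners that are not confined to loopback or the management range."""
    return [f for f in findings if f[1] not in ("loopback", "management")]

if __name__ == "__main__":
    for addr, label in audit(SAMPLE_SS):
        print(f"tcp/{WEBSOCKIFY_PORT} bound to {addr}: {label}")
```

A wildcard bind is reachable from outside only when no firewall or ACL in the path blocks TCP 6080, so read the result together with the rule set from step 1.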

Technical Details

Data Version: 5.1
Assigner Short Name: hackerone
Date Reserved: 2025-01-12T01:00:00.649Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68534fe133c7acc04607dd74

Added to database: 6/18/2025, 11:46:41 PM

Last enriched: 6/19/2025, 12:02:14 AM

Last updated: 8/4/2025, 12:45:36 PM
