Skip to main content

CVE-2025-23171

| EUVDEUVD-2025-18668 HIGH
Unrestricted Upload of File with Dangerous Type (CWE-434)
2025-06-19 support@hackerone.com
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 00:08 euvd
EUVD-2025-18668
Analysis Generated
Mar 15, 2026 - 00:08 vuln.today
CVE Published
Jun 19, 2025 - 00:15 nvd
HIGH 7.2

DescriptionCVE.org

The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director discloses the full filename of uploaded temporary files, including the UUID prefix. Insecure UCPE image upload in Versa Director allows an authenticated attacker to upload a webshell.

Exploitation Status:

Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.

Workarounds or Mitigation:

There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.

AnalysisAI

CVE-2025-23171 is an insecure file upload vulnerability in Versa Director SD-WAN orchestration platform that allows authenticated attackers with high privileges to upload malicious files (including webshells) despite UI restrictions, due to improper file upload permission validation. The vulnerability affects Versa Director and carries a CVSS score of 7.2 (High); while no active exploitation has been reported, proof-of-concept code has been publicly disclosed by third-party researchers, creating moderate real-world risk for organizations running affected versions.

Technical ContextAI

The vulnerability stems from CWE-434 (Unrestricted Upload of File with Dangerous Type), a common weakness where server-side upload controls fail to properly validate or restrict file types and permissions. Versa Director's file upload functionality—intended for legitimate configuration and image management—lacks sufficient server-side validation to enforce the UI-level restrictions that appear to block certain uploads. Additionally, the platform discloses temporary file names including UUID prefixes, enabling attackers to locate and potentially interact with uploaded files. The root cause involves insufficient access control checks on the upload endpoint, allowing authenticated high-privilege users to circumvent intended restrictions and upload executable content (webshells) to the orchestration platform.

RemediationAI

Versa Networks recommends immediate upgrade to remediated software versions of Versa Director; however, specific version numbers are not provided in the supplied data. Organizations should: (1) Access Versa Networks security advisory for exact patched version numbers; (2) Schedule urgent patching of Versa Director instances, prioritizing production orchestration platforms; (3) In interim, implement network-level access controls to restrict administrative access to Director; (4) Audit recent file uploads and check for suspicious webshell artifacts (note: uploaded filenames with UUID prefixes are logged, aiding forensics); (5) Review Director access logs for unauthorized upload attempts. No configuration workarounds exist to disable the vulnerable upload functionality via GUI, so patching is mandatory for remediation.

Share

CVE-2025-23171 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy