cbcvebase.
CVE-2025-23170
published 2025-06-19

Priority: P3 (38)
CVSS 3.1: 6.7 medium (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.62% (45.3rd percentile)
The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an attacker to execute arbitrary commands on the system.

Exploitation Status: Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.

Workarounds or Mitigation: There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.

Affected (12 ranges)

Vendor | Product                                  | Version range   | Fixed in
msrc   | azl3_qemu_8.2.0-16_on_azure_linux_3.0    |                 |
msrc   | cbl2_hvloader_1.0.1-5_on_cbl_mariner_2.0 |                 |
msrc   | cbl2_hvloader_1.0.1-6_on_cbl_mariner_2.0 |                 |
msrc   | cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0    |                 |
msrc   | cbl_mariner_2.0_arm                      |                 |
msrc   | cbl_mariner_2.0_x64                      |                 |
versa  | director                                 | 21.2.2 – 21.2.2 |
versa  | director                                 | 21.2.3 – 21.2.3 |
versa  | director                                 | 22.1.1 – 22.1.1 |
versa  | director                                 | 22.1.2 – 22.1.2 |
versa  | director                                 | 22.1.3 – 22.1.3 |
versa  | director                                 | 22.1.4 – 22.1.4 |

CVSS provenance

Source      | Version | Score | Severity | Vector
nvd         | v3.1    | 6.7   | MEDIUM   | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vendor_msrc |         | 5.5   | MEDIUM   |