What is CVE-2025-23173?

CVE-2025-23173 is a high-severity vulnerability in Versa Director. CVSS score: 7.5/10. Published 2025-06-18.

How severe is CVE-2025-23173?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Versa Director

CVE-2025-23173

The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure…

EPSS: 0.008 (74.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Versa Director — versions 21.2.2, 21.2.3, 22.1.1

References

security-portal.versa-networks.com/emailbulletins/68526ee0dc94d6b9f2faf71c
support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4
support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3
support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2
support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3

Frequently asked questions

What is CVE-2025-23173?: CVE-2025-23173 is a high-severity vulnerability in Versa Director. CVSS score: 7.5/10. Published 2025-06-18.
How severe is CVE-2025-23173?: High severity. CVSS v3 base score is 7.5 out of 10.