Vulnerability in Versa Director
CVE-2025-24291
The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the f…
EPSS: 0.001 (34.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N.
Affected products
- Versa Director — versions 21.2.2, 21.2.3, 22.1.1
References
- security-portal.versa-networks.com/emailbulletins/68526fc6dc94d6b9f2faf71d
- support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4
- support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3
- support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2
- support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3
Frequently asked questions
- What is CVE-2025-24291?
- CVE-2025-24291 is a medium-severity vulnerability in Versa Director. CVSS score: 6.1/10. Published 2025-06-18.
- How severe is CVE-2025-24291?
- Medium severity. CVSS v3 base score is 6.1 out of 10.