CVE-2025-23170

Name of the Vulnerable Software and Affected Versions Versa Director SD-WAN orchestration platform (affected versions not specified)

Description The Versa Director SD-WAN orchestration platform has a command injection issue in the Shell-In-A-Box service, allowing an attacker to execute arbitrary commands on the system through the user argument in the underlying Python script shell-connect.py. There are no reported instances of this issue being exploited, but a proof of concept has been disclosed by third-party security researchers.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.