PT-2025-26194 · Versa · Versa Director

Published: 2025-06-18 · Updated: 2025-07-26 · CVE-2025-23172

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Versa Director SD-WAN orchestration platform (affected versions not specified)

Description: The Versa Director SD-WAN orchestration platform has a Webhook feature that can be abused by an authenticated user to send crafted HTTP requests to localhost, potentially leading to privilege escalation or remote code execution. The "Add Webhook" and "Test Webhook" functionalities can be exploited to execute commands on behalf of the versa user, who has sudo privileges. There are no reported instances of this vulnerability being exploited, but a proof of concept has been disclosed by third-party security researchers.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

RCE

Improper Access Control

SSRF

Improper Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-09776
CVE-2025-23172

Affected Products

Versa Director