PT-2025-26196 · Versa · Versa Director
Published 2025-06-18 · Updated 2025-06-23 · CVE-2025-24288
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Versa Director (affected versions not specified)
Description
The Versa Director software exposes several services by default, including SSH and PostgreSQL, which can give attackers an easy foothold because of default credentials and multiple accounts with sudo access. There are no reported instances of this issue being exploited. A proof of concept has been disclosed by third-party security researchers.
Recommendations
- Change default passwords to complex passwords.
- Ensure passwords are complex: at least 8 characters, including upper- and lower-case letters, at least one digit, and one special character.
- Change passwords at least every 90 days.
- Implement password change history checks to ensure that at least the last 5 passwords are not reused when changing passwords.
- Review and audit logs for all authentication attempts to check for unauthorized or suspicious login attempts and enforce remediation steps.
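The complexity, history and rotation rules above, written as a check that could run when a password is changed. This is an added example, not Versa's code; the PBKDF2 storage scheme, the iteration count and the function names are assumptions, and the sample passwords are constructed.

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

MIN_LENGTH = 8                 # from the recommendations above
HISTORY_DEPTH = 5              # last 5 passwords may not be reused
MAX_AGE = timedelta(days=90)   # change at least every 90 days
ITERATIONS = 200_000           # assumption: PBKDF2 work factor, tune per host

def hash_password(password, salt=None):
    """Return (salt, digest); history keeps salted hashes, never plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def policy_violations(candidate, history):
    """List every rule the candidate breaks; history is oldest-first."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    required = {
        "uppercase letter": str.isupper,
        "lowercase letter": str.islower,
        "digit": str.isdigit,
        "special character": lambda c: c in string.punctuation,
    }
    for name, present in required.items():
        if not any(present(c) for c in candidate):
            problems.append(f"missing {name}")
    for salt, digest in history[-HISTORY_DEPTH:]:
        # Re-hash with each stored salt; compare in constant time.
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            problems.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
            break
    return problems

def rotation_due(last_changed, now):
    """True once the password is 90 or more days old."""
    return now - last_changed >= MAX_AGE

if __name__ == "__main__":
    # Constructed sample data, oldest password first.
    history = [hash_password(f"Old#Pass{i}") for i in range(6)]
    for pw in ("Old#Pass3", "Old#Pass0", "short1!", "N3w!Passphrase"):
        print(pw, "->", policy_violations(pw, history) or "ok")
    print(rotation_due(datetime(2025, 1, 1), datetime(2025, 4, 1)))
```

Only the five most recent hashes are compared, so the sixth-oldest password in the sample passes the history check.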
Fix
Using Hardcoded Credentials
Related Identifiers
Affected Products
Versa Director