The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as websockify has known weaknesses that can be exploited, potentially leading to remote code execution. 
Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.  
Workarounds or Mitigation: 
Restrict access to TCP port 6080 if uCPE console access is not necessary. Versa recommends that Director be upgraded to one of the remediated software versions.
                
            Metrics
Affected Vendors & Products
References
        History
                    Mon, 23 Jun 2025 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Weaknesses | CWE-200 | |
| Metrics | ssvc 
 | 
Wed, 18 Jun 2025 23:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as websockify has known weaknesses that can be exploited, potentially leading to remote code execution. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. Workarounds or Mitigation: Restrict access to TCP port 6080 if uCPE console access is not necessary. Versa recommends that Director be upgraded to one of the remediated software versions. | |
| References |  | 
 | 
| Metrics | cvssV3_1 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: hackerone
Published: 2025-06-18T23:30:50.570Z
Updated: 2025-06-23T16:05:30.786Z
Reserved: 2025-01-12T01:00:00.649Z
Link: CVE-2025-23173
 Vulnrichment
                        Vulnrichment
                    Updated: 2025-06-23T15:47:51.799Z
 NVD
                        NVD
                    Status : Awaiting Analysis
Published: 2025-06-19T00:15:21.977
Modified: 2025-06-23T20:16:59.783
Link: CVE-2025-23173
 Redhat
                        Redhat
                    No data.