Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-23173

Summary
Assigner-hackerone
Assigner Org ID-36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At-18 Jun, 2025 | 23:30
Updated At-23 Jun, 2025 | 16:05
Rejected At-
Credits

The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as websockify has known weaknesses that can be exploited, potentially leading to remote code execution. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. Workarounds or Mitigation: Restrict access to TCP port 6080 if uCPE console access is not necessary. Versa recommends that Director be upgraded to one of the remediated software versions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hackerone
Assigner Org ID:36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At:18 Jun, 2025 | 23:30
Updated At:23 Jun, 2025 | 16:05
Rejected At:
▼CVE Numbering Authority (CNA)

The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as websockify has known weaknesses that can be exploited, potentially leading to remote code execution. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. Workarounds or Mitigation: Restrict access to TCP port 6080 if uCPE console access is not necessary. Versa recommends that Director be upgraded to one of the remediated software versions.

Affected Products
Vendor
Versa Networks, Inc.Versa
Product
Director
Default Status
unaffected
Versions
Affected
  • From 21.2.2 through 21.2.2 (semver)
  • From 21.2.3 through 21.2.3 (semver)
  • From 22.1.1 through 22.1.1 (semver)
  • From 22.1.2 through 22.1.2 (semver)
  • From 22.1.3 through 22.1.3 (semver)
  • From 22.1.4 through 22.1.4 (semver)
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security-portal.versa-networks.com/emailbulletins/68526ee0dc94d6b9f2faf71c
N/A
https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4
N/A
https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3
N/A
https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2
N/A
https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3
N/A
Hyperlink: https://security-portal.versa-networks.com/emailbulletins/68526ee0dc94d6b9f2faf71c
Resource: N/A
Hyperlink: https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4
Resource: N/A
Hyperlink: https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3
Resource: N/A
Hyperlink: https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2
Resource: N/A
Hyperlink: https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:support@hackerone.com
Published At:19 Jun, 2025 | 00:15
Updated At:23 Jun, 2025 | 20:16

The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as websockify has known weaknesses that can be exploited, potentially leading to remote code execution. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. Workarounds or Mitigation: Restrict access to TCP port 6080 if uCPE console access is not necessary. Versa recommends that Director be upgraded to one of the remediated software versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-200Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-200
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security-portal.versa-networks.com/emailbulletins/68526ee0dc94d6b9f2faf71csupport@hackerone.com
N/A
https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3support@hackerone.com
N/A
https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2support@hackerone.com
N/A
https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3support@hackerone.com
N/A
https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4support@hackerone.com
N/A
Hyperlink: https://security-portal.versa-networks.com/emailbulletins/68526ee0dc94d6b9f2faf71c
Source: support@hackerone.com
Resource: N/A
Hyperlink: https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3
Source: support@hackerone.com
Resource: N/A
Hyperlink: https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2
Source: support@hackerone.com
Resource: N/A
Hyperlink: https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3
Source: support@hackerone.com
Resource: N/A
Hyperlink: https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4
Source: support@hackerone.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2023-39393
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.03% / 5.73%
||
7 Day CHG~0.00%
Published-13 Aug, 2023 | 11:34
Updated-10 Oct, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-52323
Matching Score-4
Assigner-ManageEngine
ShareView Details
Matching Score-4
Assigner-ManageEngine
CVSS Score-8.1||HIGH
EPSS-0.09% / 27.27%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 09:54
Updated-17 Jun, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive Data Exposure

Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.

Action-Not Available
Vendor-Zoho Corporation Pvt. Ltd.ManageEngine (Zoho Corporation Pvt. Ltd.)
Product-manageengine_analytics_plusAnalytics Plusanalytic_plus
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-12664
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.55% / 66.91%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 20:16
Updated-21 Nov, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software ISDN Data Leak Vulnerability

A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. The vulnerability is due to insufficient validation of the state of the PPP IP Control Protocol (IPCP). An attacker could exploit this vulnerability by making an ISDN call to an affected device and sending traffic through the ISDN channel prior to successful PPP authentication. Alternatively, an unauthenticated, remote attacker could exploit this vulnerability by sending traffic through an affected device that is configured to exit via an ISDN connection for which both the Dialer interface and the Basic Rate Interface (BRI) have been configured, but the Challenge Handshake Authentication Protocol (CHAP) password for PPP does not match the remote end. A successful exploit could allow the attacker to pass IPv4 traffic through an unauthenticated ISDN connection for a few seconds, from initial ISDN call setup until PPP authentication fails.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xe4351_integrated_services_router4331_integrated_services_router4321_integrated_services_routerCisco IOS XE Software
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2022-39289
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.08% / 25.48%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-22 Apr, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Database log access in ZoneMinder

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.

Action-Not Available
Vendor-zoneminderZoneMinder
Product-zoneminderzoneminder
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-862
Missing Authorization
CVE-2024-40836
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.58%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:16
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. A shortcut may be able to use sensitive data with certain actions without prompting the user.

Action-Not Available
Vendor-Apple Inc.
Product-macosiphone_osipadoswatchoswatchOSmacOSiOS and iPadOSmacosiphone_osipad_oswatchos
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-29043
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 51.88%
||
7 Day CHG~0.00%
Published-26 Nov, 2020 | 17:49
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in BigBlueButton through 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.

Action-Not Available
Vendor-bigbluebuttonn/a
Product-bigbluebuttonn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Details not found